IDS mailing list archives

Re: Cisco CTR


From: Ron Gula <rgula () tenablesecurity com>
Date: Mon, 17 Nov 2003 16:17:17 -0500

Just a clarification on NeVO ...

At 03:03 PM 11/17/2003 -0500, Martin Roesch wrote:
"The version of Nevo that I saw a couple months ago was doing OS fingerprinting in support of passive vulnerability analysis,"

NeVO does do passive OS fingerprinting with p0f2 fingerprints, but
that's only one of the checks it does, and the OS it finds has nothing
to do with the vulnerabilities it finds. For a vulnerability to ping
in NeVO, we really need to see evidence of it on the wire. We've built
a similar detection engine into NeVO as with Nessus. For example, it
can detect an anonymous ftp server running on a high port.

Ron Gula
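
[Added example, not part of the original message and not NeVO's code: a minimal passive check that reports an anonymous FTP server from the observed dialogue alone, whatever port it listens on. The function name, the tuple layout and all sample addresses and payloads are constructed for illustration.]

```python
import re

# Passive check: no packets are sent; only observed payloads are inspected.
ANON_USERS = {b"anonymous", b"ftp"}
USER_RE = re.compile(rb"USER\s+(\S+)", re.I)

def find_anonymous_ftp(segments):
    """segments: (src_ip, src_port, dst_ip, dst_port, payload) tuples in capture order.
    Returns sorted (server_ip, server_port) pairs where an anonymous login was seen to succeed."""
    pending = {}   # (client, server) -> True once an anonymous USER was observed
    found = set()
    for src_ip, sport, dst_ip, dport, payload in segments:
        src, dst = (src_ip, sport), (dst_ip, dport)
        m = USER_RE.match(payload)
        if m:  # the sender of USER is the client; its peer is the server, on any port
            if m.group(1).lower() in ANON_USERS:
                pending[(src, dst)] = True
            else:
                pending.pop((src, dst), None)
        elif (dst, src) in pending:      # reply travelling server -> client
            code = payload[:3]
            if code == b"230":           # "User logged in": the evidence on the wire
                found.add(src)
                del pending[(dst, src)]
            elif code == b"530":         # "Not logged in": anonymous access refused
                del pending[(dst, src)]
    return sorted(found)

# Constructed sample traffic (documentation address ranges), three interleaved sessions.
C1, C2, C3 = ("198.51.100.5", 40001), ("198.51.100.6", 40002), ("198.51.100.7", 40003)
S1, S2, S3 = ("192.0.2.10", 2121), ("192.0.2.20", 21), ("192.0.2.30", 8021)
def seg(a, b, data): return (*a, *b, data)
SAMPLE = [
    seg(S1, C1, b"220 FTP ready\r\n"),
    seg(C1, S1, b"USER anonymous\r\n"),
    seg(C2, S2, b"USER alice\r\n"),                  # named account, not anonymous
    seg(S1, C1, b"331 Send e-mail address as password\r\n"),
    seg(S2, C2, b"331 Password required\r\n"),
    seg(C1, S1, b"PASS guest@example.invalid\r\n"),
    seg(C2, S2, b"PASS constructed-secret\r\n"),
    seg(S1, C1, b"230 Login successful\r\n"),        # anonymous login accepted on port 2121
    seg(S2, C2, b"230 Login successful\r\n"),
    seg(C3, S3, b"USER ftp\r\n"),
    seg(S3, C3, b"331 Password required\r\n"),
    seg(C3, S3, b"PASS x@example.invalid\r\n"),
    seg(S3, C3, b"530 Login incorrect\r\n"),         # anonymous login refused on port 8021
]

if __name__ == "__main__":
    print(find_anonymous_ftp(SAMPLE))
```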






