Re: "Nessus calls home"? Facts of the matter.

[InfoSec News <isn () c4i org>]

Forwarded from: bschnzl () bigfoot com
Cc: deraison () nessus org

How 'bout letting us specify our own domains, making example.com the
default, and putting a notice in the results!

You could use nessus.org as the default to make sure DNS did not get
in the way.  The notice in the results would make that legit.

In a message titled [ISN] "Nessus calls home"?  Facts of the matter. ,
on 9 May 2002 at 2:06, InfoSec News sent these words:

> Forwarded from: Jay D. Dyson <jdyson () treachery net>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Courtesy of Renaud Deraison (forwarded with permission).
>
> I believe this should be given wide dissemination to dispel the rumors
> that flew around CanSecWest.  -Jay
>
>
> - ---------- Forwarded message ----------
> Date: Wed, 8 May 2002 16:50:09 +0200
> From: Renaud Deraison <deraison () nessus org>
> To: nessus () list nessus org
> Subject: "Nessus calls home"
>
> Hi,
>
> I attended CanSecWest last week and I was told there were rumors of people
> complaining about Nessus "calling home" when doing a scan. 
>
> In order to clear the confusion, here's a small explanation of what Nessus
> does, followed by a short poll asking you what you'd prefer it to do. 
>
> First, let me emphasizes something : Nessus does *not* call home. It never
> does, never did and never will. 
>
> However, the checks have a side effect that may have the naughty side
> effect to sending some packets to nessus.org, which can make people think
> I have the ability to monitor their scans - here's the list : 

[...]

Bill Scherr IV, GSEC, GCIA
Electronic Warfare Associates / IIT
Lafayette RTI, Camp Johnson
Colchester, VT 05446
802-338-3213



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.