Penetration Testing mailing list archives
Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket
From: Anders Thulin <Anders.Thulin () tietoenator com>
Date: Tue, 27 Apr 2004 08:49:09 +0200
Paul Johnston wrote:
1) How reliable have people here found nmap and nessus to be?
Nmap -- fairly reliable, but don't trust it blindly. There have been some versions where scans either didn't work at all (RPC-scan), or where they silently began to deviate from the specified scan (if I remember, ACK-scan with specified source port). Those problems seem to be gone now, but I'm still a bit suspicious of using it blindly on anything larger than a C net more than a dozen hops away. Anything outside that probably calls for some kind of decision about what timing characteristics that many hops or that many hosts require. (Hm. Detecting 'old' packets would be useful here ...) And I never allow it to draw conclusions from missing data (such as assuming that absence of responses to UDP-scans indicates open UDP ports). nessus -- I don't trust it. It may provide leads, but each needs to be verified independently. Haven't checked it recently, but I remember that I found that testing vulnerabilities in ONC RPC services trusted the portmapper data entirely, and didn't even check that the identified ports did in fact run the announced services, and that was below the reporting quality I want. (That can be useful for assessing a vulnerability assesment, by the way ... let portmapper announce rex on some port, but run a web server on it instead.) But then trust is a rather individual thing. As it is your trust that matters decide what tests or checks you need to get the confidence you need, and then do them. -- Anders Thulin anders.thulin () tietoenator com 040-661 50 63 TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket Paul Johnston (Apr 22)
- Web site testing Jerry Shenk (Apr 23)
- Re: Web site testing Josh Tolley (Apr 23)
- Re: Web site testing Dan Goldberg (Apr 23)
- RE: Web site testing Jerry Shenk (Apr 23)
- RE: Web site testing Clement Dupuis (Apr 26)
- Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket Anders Thulin (Apr 27)
- Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket James Davis (Apr 30)
- Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket Renaud Deraison (Apr 30)
- <Possible follow-ups>
- Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket Don Parker (Apr 23)
- RE: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket Brass, Phil (ISS Atlanta) (Apr 26)
- RE: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket Robert E. Lee (Apr 26)
- RE: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket Bénoni MARTIN (Apr 30)
- Web site testing Jerry Shenk (Apr 23)