Penetration Testing mailing list archives
RE: Vulnerability Scanning
From: "Rob Shein" <shoten () starpower net>
Date: Mon, 1 Mar 2004 13:34:54 -0500
One thing I'm running into where I am right now is a situation where patches have been applied in a non-chronological order. As a result, in some cases the older patch has replaced files from a newer patch, and so the system is vulnerable despite appearing to be current on patches. We're now going around and re-patching, using all necessary patches in the correct order, but ultimately the situation explained why we were showing vulns on systems that were 'patched'.
-----Original Message-----
From: wirepair [mailto:wirepair () roguemail net]
Sent: Friday, February 27, 2004 2:39 PM
To: pen-test () securityfocus com
Subject: Vulnerability Scanning

lo all,

After reviewing some scan results and finding a number of false positives from nessus (primarily in XP hosts), I began to become a bit more concerned than I already was. This is in no way reflecting upon nessus's ability to find vulnerabilities and I truly believe all scanners have these issues. The question is, what does everyone else do about this? Obviously scanners are never going to be 100% accurate.

So I started to think of ways of checking if these vulnerabilities exist or not. First using a known exploit obviously gives a more accurate analysis, but known exploits aren't always available. Yes I can write my own for said vulnerability but sometimes this isn't exactly possible, for instance some vulnerabilities require a user to say click on a malicious link, which isn't always feasible when testing 300 workstations.

So what else can we do? Check the registry manually, this is an option but very time consuming, does anyone actually do this??? At this point I believe I'm going to have to start trying. Does anyone simply say, some of these are false positives and we can't do anything about it? I highly doubt a client will like to hear that. Also some vulnerabilities are simply too dangerous, windows vulnerabilities in particular that can cause the host to reboot. Not every vulnerability is perfectly exploited. So what are the other options people use/feel comfortable with?

Thanks for any responses...
-wire
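An added example, not part of the original posts: one way to catch the situation described in the reply above, where a host records a patch as installed but an older patch applied later has rolled a file back. It compares on-disk file versions against the highest version shipped by any recorded patch; the patch IDs, file names, versions, host names and inventory layout are all constructed placeholders.

```python
# Constructed sample data: patch IDs, file names and versions are placeholders,
# not the contents of any real vendor bulletin.
PATCH_MANIFEST = {
    "PATCH-A": {"example.dll": "5.1.2600.100"},
    "PATCH-B": {"example.dll": "5.1.2600.250", "helper.sys": "5.1.2600.40"},
}

# Constructed inventory: patches each host records, in install order, plus file versions on disk.
HOSTS = {
    "ws-001": {"recorded": ["PATCH-A", "PATCH-B"],
               "files": {"example.dll": "5.1.2600.250", "helper.sys": "5.1.2600.40"}},
    # PATCH-A was applied after PATCH-B and overwrote example.dll with the older build.
    "ws-002": {"recorded": ["PATCH-B", "PATCH-A"],
               "files": {"example.dll": "5.1.2600.100", "helper.sys": "5.1.2600.40"}},
    "ws-003": {"recorded": ["PATCH-A"],
               "files": {"example.dll": "5.1.2600.100"}},
}


def parse_version(text):
    """Turn '5.1.2600.250' into (5, 1, 2600, 250) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def required_versions(recorded, manifest):
    """Highest version of each file shipped by any patch the host records."""
    needed = {}
    for patch in recorded:
        for name, version in manifest.get(patch, {}).items():
            if name not in needed or parse_version(version) > parse_version(needed[name][0]):
                needed[name] = (version, patch)
    return needed


def audit_host(host, manifest):
    """List (file, patch, expected, found) where the file is older than a recorded patch ships."""
    findings = []
    for name, (version, patch) in sorted(required_versions(host["recorded"], manifest).items()):
        on_disk = host["files"].get(name)
        if on_disk is None:
            findings.append((name, patch, version, "missing"))
        elif parse_version(on_disk) < parse_version(version):
            findings.append((name, patch, version, on_disk))
    return findings


def audit_fleet(hosts, manifest):
    """Map host name -> findings, keeping only hosts with at least one regressed file."""
    results = {name: audit_host(host, manifest) for name, host in hosts.items()}
    return {name: found for name, found in results.items() if found}
```

Hosts returned by `audit_fleet` are the ones to re-patch in the correct order; a scanner finding on such a host is not a false positive even though the patch is recorded as installed.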