Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nessus, Harmful?

From: Edin Dizdarevic <SecurityFocus () truesec de>
Date: Mon, 11 Jan 2010 20:05:11 +0100
Depends on how intensively you scan. Depends on which modules you use. Depends on many things.
So far it happened to me only once to crash a system because of an error in the network driver. I must admit it was using nmap. But nmap is a tool I would assume even less harmful.
It should not happen but it did so a residual risk is always there. But normally it should not harm anything unless you use it wrong way. I would not use any assessment tool on a production system in any case. 

Rgrds,
Edin


lukasz () piatek pl schrieb:

Hi.

As long as I have been using Nessus (for about 7 years) I never
noticed such problems. The truth is that Nessus can cause certain law
related problems if used in inappropriate manner (certain in depth
scans can trigger IDS/IPS alerts which may lead to prosecution -- you
may be taken as a intruder). If you want to do it legally do not
bother about any unintentional DoS.

Regards,




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: