Penetration Testing mailing list archives

Re: Nessus, Harmful?


From: "Adrian Puente Z." <puenteadrian () gmail com>
Date: Mon, 11 Jan 2010 13:20:02 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In my experience:

Yes, it can be. You should tweak the settings based on the OS, CPU and
network load and services he is running. Some tests can be intrusive or
can devour the CPU or the network. I have some experience killing
servers with Nessus and it's not fun. You should try with the
development environment first, and see what happens.

bests,



- --
Adrián Puente Z.
[www.hackarandas.com]
Where ideas scatter into bytes...

"... I beg my pride to always be accompanied by my prudence,
and if some day my prudence should fly away, may it at least
fly together with my folly"
        --Nietzsche

Fingerprint: FBD6 4C36 2557 C64C 1318  70A8 F561 CB6F 4E40 5AFB
http://www.hackarandas.com/apuente_at_hackarandas.com.asc.gz



lukasz () piatek pl wrote:
Hi.

As long as I have been using Nessus (for about 7 years) I never noticed such problems. The truth is that Nessus can
cause certain law-related problems if used in an inappropriate manner (certain in-depth scans can trigger IDS/IPS alerts
which may lead to prosecution -- you may be taken as an intruder). If you want to do it legally do not bother about
any unintentional DoS.

Regards,
Łukasz Piątek

http://blog.lukaszpiatek.com
http://lukasz.piatek.pl
http://ntsecurity.pl

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktLed4ACgkQW2tF/eN2yfYZZwCfcqH6nGwAWfAiVbgUzHFEsFZl
YvYAn0aMO4UwTkxsZqSya5tQ4e7KHGGA
=ziBe
-----END PGP SIGNATURE-----
