Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: ISS Internet Scanner Cannot be relied upon for conclusive

Re: ISS Internet Scanner Cannot be relied upon for conclusive

Jim Trocki (trockijTRANSMETA.COM)
Thu, 11 Feb 1999 10:46:40 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Demian Ginther: "Re: Win98 Screensaver - A Interesting Problem"
Previous message: Rodrigo Campos: "Re: [proftpd-l] root compromise ? (fwd)"
In reply to: David LeBlanc: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Next in thread: David LeBlanc: "How scanners actually work"

On Tue, 9 Feb 1999, David LeBlanc wrote:

> >How does ISS handle the NT example referenced above??
>
> We get that one right.  All the NT patch checks are based on file
> timestamps, not service pack numbers.  We have seperate checks for just
> service pack numbers, since you need less access to get the SP level than
> to get timestamps on system files.

C'mon. Haven't you learned to use digital signatures (like MD5) instead
of timestamps to identify files? A timestamp is a bunch of crap, and
it has no relation at all to the contents of the file. You could easily
build a database of MD5 hashes of the different DLLs which are included
in each different service pack, and use that to identify SP levels.

Jim Trocki <trockijtransmeta.com>
Computer System and Network Engineer
Transmeta Corporation
Santa Clara, CA

Next message: Demian Ginther: "Re: Win98 Screensaver - A Interesting Problem"
Previous message: Rodrigo Campos: "Re: [proftpd-l] root compromise ? (fwd)"
In reply to: David LeBlanc: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Next in thread: David LeBlanc: "How scanners actually work"