|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners
From: Jeremiah Cornelius (jeremiah
nur.net)
Date: Wed Apr 28 2004 - 21:28:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 28 April 2004 15:35, nicolas vigier wrote:
> you get too much false positive because nessus only
> try to find the version and don't really test the vulnerability.
> I think the right way to do it is to use a scanner which will use
> an exploit to test the vulnerability. Unfortunately an exploit is
> not always avaible for every vulnerability.
This depends on the individual NASL script. Safe-checks only read banners,
port combinations, etc.
There is nothing preventing a NASL check from mimicking exploit behavior. For
instance, some of the DoS checks are canned 'sploits. There are unsafe SMTP
checks that will send mail to a file in the /etc or /var/log hierarchies.
This does not rely on banners, but behaviors. You could adjust the NASL to
do real harm to a vulnerable system.
True, Nessus doesn't run codes for a remote shell against indications of of a
buffer overflow. That's when judicious manual checking is called for - where
the tool leaves off.
Admins are in a privileged position to do these checks - as opposed to the
pen-test auditor whos hand checks require adoption of invasive behavior.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAkGhNJi2cv3XsiSARAsqQAJ4mFG2DYPvMKsshYJNcpsPz669vwACgjhbo
Il5M+As7tDyluevsvYBQt5g=
=jYUS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]