Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners

From: Jeremiah Cornelius (jeremiah_at_nur.net)
Date: 04/29/04

  • Next message: Jeremiah Cornelius: "Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners"
    To: full-disclosure@lists.netsys.com
    Date: Wed, 28 Apr 2004 19:28:20 -0700
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Wednesday 28 April 2004 15:35, nicolas vigier wrote:
    > you get too much false positive because nessus only
    > try to find the version and don't really test the vulnerability.
    > I think the right way to do it is to use a scanner which will use
    > an exploit to test the vulnerability. Unfortunately an exploit is
    > not always avaible for every vulnerability.

    This depends on the individual NASL script. Safe-checks only read banners,
    port combinations, etc.

    There is nothing preventing a NASL check from mimicking exploit behavior. For
    instance, some of the DoS checks are canned 'sploits. There are unsafe SMTP
    checks that will send mail to a file in the /etc or /var/log hierarchies.
    This does not rely on banners, but behaviors. You could adjust the NASL to
    do real harm to a vulnerable system.

    True, Nessus doesn't run codes for a remote shell against indications of of a
    buffer overflow. That's when judicious manual checking is called for - where
    the tool leaves off.

    Admins are in a privileged position to do these checks - as opposed to the
    pen-test auditor whos hand checks require adoption of invasive behavior.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFAkGhNJi2cv3XsiSARAsqQAJ4mFG2DYPvMKsshYJNcpsPz669vwACgjhbo
    Il5M+As7tDyluevsvYBQt5g=
    =jYUS
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Jeremiah Cornelius: "Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners"

    Relevant Pages

    • NASL Split function Buffer overflow Vulnerability
      ... We have discovered a vulnerability in libnasl of Nessus which can ... Nessus Security Scanner includes NASL, ... debugging symbols found)...done. ...
      (Bugtraq)
    • nessus gtk yields empty scan
      ... nessus-libnasl-2.2.9_1 Nessus Attack Scripting Language ... The discovery may be accidental or through directed research; the vulnerability, in various levels of detail, is then released to the security community. ... the plug-ins should be updated. ... The native Unix GUI version is installed at server install time. ...
      (freebsd-hackers)
    • Re: Cross testing exploit with vulnerability scan results
      ... I have been using Nessus since years now.. ... scanner that might be temporary ... ... remember that vulnerability scanning with an automated scanner is ... else you may download 'bad code'. ...
      (Pen-Test)
    • nessus scan - epmap (135/tcp)
      ... As somebody has already pointed out, the version of Nessus is a little ... Nessus (as well as other true vulnerability ... passive vuln scanner for this), but that they do not actively exploit the ... Security Trends Report from Cenzic ...
      (Pen-Test)
    • Vuln Scan vs. Pen Test -- WAS: Re: Penetration testing books
      ... but does cover Nessus very well. ... A vulnerability scan is NOT a penetration test! ... "Pen Test Report" on the client's door step along with their invoice. ... even the most lamely deployed firewall will filter the majority of the ...
      (Security-Basics)