Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket

From: Anders Thulin (Anders.Thulin_at_tietoenator.com)
Date: 04/27/04

  • Next message: roberto unbaggi: "asp restriction configuration weaknesses" 
    Date: Tue, 27 Apr 2004 08:49:09 +0200
To: Paul Johnston <paul@westpoint.ltd.uk>

    Paul Johnston wrote:

    > 1) How reliable have people here found nmap and nessus to be?

       Nmap -- fairly reliable, but don't trust it blindly. There have been
    some versions where scans either didn't work at all (RPC-scan), or where
    they silently began to deviate from the specified scan (if I remember, ACK-scan
    with specified source port). Those problems seem to be gone now, but
    I'm still a bit suspicious of using it blindly on anything larger than a C net
    more than a dozen hops away. Anything outside that probably calls for some kind
    of decision about what timing characteristics that many hops or that many hosts
    require. (Hm. Detecting 'old' packets would be useful here ...) And I never allow
    it to draw conclusions from missing data (such as assuming that absence of
    responses to UDP-scans indicates open UDP ports).

       nessus -- I don't trust it. It may provide leads, but each needs to be verified
    independently. Haven't checked it recently, but I remember that I found that testing
    vulnerabilities in ONC RPC services trusted the portmapper data entirely, and
    didn't even check that the identified ports did in fact run the announced services,
    and that was below the reporting quality I want. (That can be useful for assessing
    a vulnerability assesment, by the way ... let portmapper announce rex on some port,
    but run a web server on it instead.)

       But then trust is a rather individual thing. As it is your trust that matters
    decide what tests or checks you need to get the confidence you need, and then do them. 

    -- 
Anders Thulin   anders.thulin@tietoenator.com   040-661 50 63	
TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
  • Next message: roberto unbaggi: "asp restriction configuration weaknesses"
    • Quantcast