Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket

From: James Davis (jamesd_at_jml.net)
Date: 04/27/04

  • Next message: Filipe A.: "PacketShaper" 
    Date: Tue, 27 Apr 2004 20:24:53 +0100
To: pen-test@securityfocus.com

    Anders Thulin wrote:

    > nessus -- I don't trust it. It may provide leads, but each needs to
    > be verified independently. Haven't checked it recently, but I
    remember > that I found that testing vulnerabilities in ONC RPC services
    trusted > the portmapper data entirely, and didn't even check that the
    > identified ports did in fact run the announced services, and that was
    > below the reporting quality I want.

    Your feedback would have been well received on the nessus-plugins list.
    Nessus mostly depends upon volunteers to write, submit, and suggest
    improvements to plugins. I'm not saying you should have to learn NASL
    and script them yourself, but that there are many people who could have
    used your ideas. M apologies if you have already done that.

    James

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------

  • Next message: Filipe A.: "PacketShaper"