Re: Nessus, Harmful?



Hello,

Few years ago even with one nessus I've managed to crash older cisco catalyst switches. It's all in the choice of plugins.

Best Regards,
Danijel

Shohn Trojacek wrote:
Hello,

Once, several years ago I had hacked up nessus a bit into what could
only be described as a "scanning cluster". I found that I was able to
reboot Cisco catalyst switches about every 10 minutes when I had 16
machines running scans in parallel. This is an extreme example though.

I've had other scanners including various Web app scanners bring
things down too. In some cases, I had a replication of the production
environment and then scanned the "mock" production environement when
availability was more concerning than confidentiality.

Generally, I've found it better to just be straight forward and honest
about the risks and this calms people. If you seem skittish, they will
be too.

Godspeed,

Shohn

On Wed, Jan 6, 2010 at 11:17 PM, Zaki Akhmad <zakiakhmad@xxxxxxxxx> wrote:
Hello,

I want to do a nessus scanning, but before I'd like to know is it
nessus scanning harmful? Because I don't want to make the server down.

Thanks!
--
Zaki Akhmad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Nessus, Harmful?
    ... vulnerability scanners (nexpose, nessus, qualys, saint etc) have dealt ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: Nessus, Harmful?
    ... I'm likely preaching to the choir here; but something I would advise with Nessus or any other vulnerability, configuration, patch or port scanning tool: ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: Nessus, Harmful?
    ... Also post this question to the Nessus mailing list...you'll definitely ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: Nessus, Harmful?
    ... nessus already disabled all harmfull or any DOS attack. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)