RE: vulnerabilities from pcap file



Another solution by Sourcefire - RNA - provides this kind of capability. It is commonly referred to in the industry as "passive vulnerability scanning". I would recommend checking out their RNA technology ... you'll be able to combine the data from RNA with IDS (assuming you're using Sourcefire), providing some helpful correlation.

While RNA will not provide the more comprehensive, active vulnerability scanning that you get from solutions like NeXpose, nessus, etc., it does provide some insight to host-based exposure that is not subject to scan windows, etc.

You may also want to consider a combined approach of active and passive vulnerability scanning. Along with RNA, you can download a copy of NeXpose Community Edition for free from the Rapid7 website to cover the active scanning component.



I hope this helps.


Sheldon Malm
Rapid7


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Maverick
Sent: Saturday, December 04, 2010 2:19 AM
To: Srinivas Naik
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: vulnerabilities from pcap file

But snort doesn't detect vulnerabilities on the host it just detects
intrusions so won't work for vulnerabilities detection on hosts.

On Fri, Dec 3, 2010 at 11:07 PM, Srinivas Naik <naik.srinu@xxxxxxxxx> wrote:
One way is to setup a snort testbed and replay the capture files.

Next Observe the Logs...

Hope this helps you.

Cheers,
Srinivas Naik

On Sat, Dec 4, 2010 at 12:33 AM, Maverick <myeaddress@xxxxxxxxx> wrote:

Hi All,
Is there any tool that can detect vulnerabilities that exist on hosts
by looking at the pcap captures of their traffic.

Thanks
MAK

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Automatic remediatio&#8203;n using Nexpose
    ... It will update/patch any vulnerabilities it finds that can be patched ... which automatically installs the patches. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: vulnerabilities from pcap file
    ... Subject: vulnerabilities from pcap file ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: Need Some Basic Information
    ... As nessus is a "knowledge base" driven tool, it cannot discover vulnerabilities which aren't in its base. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: Need Some Basic Information
    ... As nessus is a "knowledge base" driven tool, it cannot discover vulnerabilities which aren't in its base. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • RE: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure
    ... Discovering vulnerabilities has something incremental in its process as much ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)