Nessus
From: Sam Pro (spro1_at_uic.edu)
Date: 05/28/03
- Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: My Solution to Securing Windows 98, ME Against Network Modification and Spying, using Linux."
- Previous message: Skye Roberts: "Question about network security in embedded environment"
- Next in thread: phn_at_icke-reklam.ipsec.nu: "Re: Nessus"
- Reply: phn_at_icke-reklam.ipsec.nu: "Re: Nessus"
- Reply: ObiWan: "Re: Nessus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 May 2003 19:37:01 -0700
Okay, I have been put in charge of doing a security audit on our
network because of a recent rash of IRC bots eating up bandwidth. I
have setup a Linux box and ,among a few other tools, installed Nessus.
I have been doing some preliminary scans over a few test machines.
It is doing a great job of identifying compromised machines, and
showing some holes that need to be covered. However, I am conserned
mostly with NT boxes with blank/weak passwords. Can Nessus do this?
I have tried enabling all the plugins, but it just isn't alerting me
of accounts with blank passwords. I would really like Nessus to
enumerate netBIOS accounts and then use a dictionary attack against
them. Am I going to have to write my own plugin? Maybe something
other then Nessus will work better for this?
Also, does anyone know what minimum conditions need to be present on
the target machine for a hacker to pull account names and then be able
to gain full access through a dictionary/brute attack?
- Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: My Solution to Securing Windows 98, ME Against Network Modification and Spying, using Linux."
- Previous message: Skye Roberts: "Question about network security in embedded environment"
- Next in thread: phn_at_icke-reklam.ipsec.nu: "Re: Nessus"
- Reply: phn_at_icke-reklam.ipsec.nu: "Re: Nessus"
- Reply: ObiWan: "Re: Nessus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
