Nessus question
From: Sam Pro (spro1_at_uic.edu)
Date: 05/28/03
- Next message: Big Bird: "what do you think?"
- Previous message: thund3rstruck_n0i_at_hotmail.comremove: "Re: ANY EXPERIENCE WITH WebRamp 700s?"
- Next in thread: Mike: "Re: Nessus question"
- Reply: Mike: "Re: Nessus question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 May 2003 19:30:44 -0700
Okay, I have been put in charge of doing a security audit on our
network because of a recent rash of IRC bots eating up bandwidth. I
have setup a Linux box and ,among a few other tools, installed Nessus.
I have been doing some preliminary scans over a few test machines.
It is doing a great job of identifying compromised machines, and
showing some holes that need to be covered. However, I am conserned
mostly with NT boxes with blank/weak passwords. Can Nessus do this?
I have tried enabling all the plugins, but it just isn't alerting me
of accounts with blank passwords. I would really like Nessus to
enumerate netBIOS accounts and then use a dictionary attack against
them. Am I going to have to write my own plugin? Maybe something
other then Nessus will work better for this?
Also, does anyone know what minimum conditions need to be present on
the target machine for a hacker to pull account names and then be able
to gain full access through a dictionary/brute attack?
Thanks....
- Next message: Big Bird: "what do you think?"
- Previous message: thund3rstruck_n0i_at_hotmail.comremove: "Re: ANY EXPERIENCE WITH WebRamp 700s?"
- Next in thread: Mike: "Re: Nessus question"
- Reply: Mike: "Re: Nessus question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
