Re: Vulnerability Scanning

From: simonis@att.net
Date: Sat Feb 28 2004 - 20:32:21 EST


> lo all,
> After reviewing some scan results and finding a number of false positives from
> nessus (primarily in XP hosts), I began to become a bit more concerned than I already was.
> This is in no way reflecting upon nessus's ability to find vulnerabilities and I
> truly believe all scanners have these issues. The question is, what does everyone else do
> about this?

There are a variety of things to be done. First and foremost is to reduce the number of checks
to those that are both relevant and important. I seldom use more than a few hundred of
Nessus' thousands of checks. Also, experience will teach you that some checks result in false
positives in certain situations more often than in other situations. Account for this in
your preparation. If you've determined that the plugin is just too important and the situation
merits its inclusion, you may need to validate the results manually, either by additional tests
or through inspection.

As to what others do, many folks don't use scanners. Study of the target environment and the
selection of a few likely exploitable vulnerabilities are usually all one needs to gain some
level of success. Scanning is (usually, and IMO) best for "vulnerability assessment" and not
strictly "penetration testing", where those two are defined as different in my lexicon.

-Ds
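
The triage described in the reply above, as an added example that is not part of the original message: findings from checks outside the selected set are dropped, and a finding from a check known to misfire on a given platform is held for manual validation unless an independent check confirms it. The plugin IDs, hosts and the `CORROBORATED_BY` mapping are constructed assumptions, not real Nessus data.

```python
from collections import defaultdict

# Constructed policy. Plugin IDs are placeholders, not real Nessus plugin IDs.
SELECTED = {90001, 90002, 90003}        # checks judged relevant and important
FP_PRONE = {90002: {"Windows XP"}}      # check -> platforms where it often misfires
CORROBORATED_BY = {90002: {90003}}      # assumed: independent checks for the same issue

# Constructed sample findings: (host, platform, plugin id).
FINDINGS = [
    ("10.0.0.5", "Windows XP", 90001),
    ("10.0.0.5", "Windows XP", 90002),   # FP-prone here, nothing backs it up
    ("10.0.0.6", "Windows XP", 90002),   # FP-prone here, but 90003 also fired
    ("10.0.0.6", "Windows XP", 90003),
    ("10.0.0.9", "Linux", 90002),        # not FP-prone on this platform
    ("10.0.0.9", "Linux", 90777),        # never selected for this engagement
]

def triage(findings):
    """Sort findings into report / validate_manually / out_of_scope."""
    fired = defaultdict(set)             # host -> selected plugins that fired
    for host, _, plugin in findings:
        if plugin in SELECTED:
            fired[host].add(plugin)
    buckets = {"report": [], "validate_manually": [], "out_of_scope": []}
    for host, platform, plugin in findings:
        if plugin not in SELECTED:
            bucket = "out_of_scope"
        elif platform in FP_PRONE.get(plugin, ()) and not (
                CORROBORATED_BY.get(plugin, set()) & fired[host]):
            bucket = "validate_manually"
        else:
            bucket = "report"
        buckets[bucket].append((host, plugin))
    return buckets

if __name__ == "__main__":
    for name, items in triage(FINDINGS).items():
        print(f"{name}: {items}")
```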
