Re: Why eEye Retina (was MBSA scanner)

From: Frederic Charpentier (fcharpentier@xmcopartners.com)
Date: Tue Apr 20 2004 - 12:24:14 EDT


Because the purpose of these scanners (Retina, Shadow, LANguard,
Nessus, ISS...) is to find vulnerabilities.

The customer pays to find vulns and they are happy to find a lot.

For a customer, a good scanner finds a lot of vulns.

That's it.

The only reliable way to check for a vuln is to test the machine with
the real exploit or to look at the program release (DLL version or rpm -qa)!

Example: knowing that a web server is Apache 1.3.26 doesn't
mean that this server is vulnerable to the apache_chunked exploit. It
could be patched or running under another OS...

Fred

clarke-cummings@columbus.rr.com wrote:

> Hello Everyone,
>
> We recently began evaluating eEye's Retina product as our vulnerability
> assessment tool. We have found the results to be very inconsistent,
> showing us vulnerable to issues that have been patched. We've verified the
> patches manually, with MBSA, HFNETCHK, and LanGuard. eEye didn't have a
> good answer as to why the results were so inconsistent. Any guesses?
>
> Also, how is their support response for those that are customers? As a
> trial customer they aren't a very impressive organization.
>
> Thanks in advance for the help.
>
> Cheers,
> Clarke
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>

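The distinction Fred draws above (a banner-derived version versus what is actually installed on the host) is easy to show in code. The following is an added example written for this archive page, not code from the thread or from any of the scanners named in it. It contrasts a scanner-style banner check against a host-side check of `rpm -qa` plus the package changelog: a vendor that backports a fix keeps the old upstream version string, so the banner still looks vulnerable while the package is not. The Server header, the `rpm -qa` listing and the changelog excerpt are constructed sample data; the package name, version threshold and the hypothetical vendor are assumptions chosen for illustration (CAN-2002-0392 is the identifier of the Apache chunked-encoding issue).

```python
"""Banner match versus host package check for a version-threshold finding.

Added example for this archive page; all inputs below are constructed.
"""
import re
from typing import Optional, Tuple

# --- constructed sample data (not real scanner or host output) ---
SERVER_HEADER = "Server: Apache/1.3.23 (Unix)"   # what the scanner sees
FIXED_IN = "1.3.26"                                # upstream fix threshold (assumed)
CVE_ID = "CAN-2002-0392"                           # Apache chunked-encoding issue
RPM_QA = """\
glibc-2.2.5-34
apache-1.3.23-14.backport
openssl-0.9.6b-18
"""
# Constructed excerpt of `rpm -q --changelog apache` for a hypothetical
# vendor build that backported the fix without bumping the version.
RPM_CHANGELOG = """\
* Thu Jun 20 2002 Example Vendor <security@example.invalid>
- backport fix for chunked encoding handling (CAN-2002-0392)
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.3.23' -> (1, 3, 23); non-numeric suffixes are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])


def banner_verdict(server_header: str, fixed_in: str) -> Optional[bool]:
    """Scanner-style check: True = flagged vulnerable, False = banner at or
    above the fix, None = no usable Apache banner (hidden or other server)."""
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", server_header)
    if m is None:
        return None
    return parse_version(m.group(1)) < parse_version(fixed_in)


def installed_package(rpm_qa: str, name: str) -> Optional[Tuple[str, str]]:
    """Return (version, release) for `name` from `rpm -qa` output, or None."""
    pattern = re.compile(rf"^{re.escape(name)}-(\d[^-]*)-([^-\s]+)$")
    for line in rpm_qa.splitlines():
        m = pattern.match(line.strip())
        if m:
            return m.group(1), m.group(2)
    return None


def host_verdict(rpm_qa: str, changelog: str, name: str,
                 fixed_in: str, cve_id: str) -> str:
    """Host-side check: installed version, then vendor backport evidence.
    Anything still undecided is left for a real exploit test."""
    pkg = installed_package(rpm_qa, name)
    if pkg is None:
        return f"unknown: {name} not in rpm -qa, test with the real exploit"
    version, release = pkg
    nvr = f"{name}-{version}-{release}"
    if parse_version(version) >= parse_version(fixed_in):
        return f"not vulnerable: {nvr} is at or above {fixed_in}"
    if cve_id.lower() in changelog.lower():
        return f"not vulnerable: {nvr} carries a vendor backport for {cve_id}"
    return (f"likely vulnerable: {nvr} is below {fixed_in} with no backport "
            f"noted, confirm with the real exploit")


if __name__ == "__main__":
    print("banner says vulnerable:", banner_verdict(SERVER_HEADER, FIXED_IN))
    print("host says:", host_verdict(RPM_QA, RPM_CHANGELOG, "apache",
                                     FIXED_IN, CVE_ID))
```

Run stand-alone, the banner check flags the host while the package check clears it, which is exactly the kind of "patched but still reported" result described in the original question. The changelog test is only as good as the vendor's habit of naming the advisory in it; where it says nothing, the script deliberately falls through to "confirm with the real exploit" rather than guessing.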



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT