From: Anders Thulin (Anders.Thulin@tietoenator.com)
Date: Tue Apr 27 2004 - 02:49:09 EDT
Paul Johnston wrote:
> 1) How reliable have people here found nmap and nessus to be?
Nmap -- fairly reliable, but don't trust it blindly. There have been
some versions where scans either didn't work at all (RPC-scan), or where
they silently began to deviate from the specified scan (if I remember, ACK-scan
with specified source port). Those problems seem to be gone now, but
I'm still a bit suspicious of using it blindly on anything larger than a C net
more than a dozen hops away. Anything outside that probably calls for some kind
of decision about what timing characteristics that many hops or that many hosts
require. (Hm. Detecting 'old' packets would be useful here ...) And I never allow
it to draw conclusions from missing data (such as assuming that absence of
responses to UDP-scans indicates open UDP ports).
nessus -- I don't trust it. It may provide leads, but each needs to be verified
independently. Haven't checked it recently, but I remember that I found that testing
vulnerabilities in ONC RPC services trusted the portmapper data entirely, and
didn't even check that the identified ports did in fact run the announced services,
and that was below the reporting quality I want. (That can be useful for assessing
a vulnerability assesment, by the way ... let portmapper announce rex on some port,
but run a web server on it instead.)
But then trust is a rather individual thing. As it is your trust that matters
decide what tests or checks you need to get the confidence you need, and then do them.
-- Anders Thulin anders.thulin@tietoenator.com 040-661 50 63 TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT