From: James Davis (jamesd@jml.net)
Date: Tue Apr 27 2004 - 15:24:53 EDT
Anders Thulin wrote:
> nessus -- I don't trust it. It may provide leads, but each needs to
> be verified independently. Haven't checked it recently, but I
remember > that I found that testing vulnerabilities in ONC RPC services
trusted > the portmapper data entirely, and didn't even check that the
> identified ports did in fact run the announced services, and that was
> below the reporting quality I want.
Your feedback would have been well received on the nessus-plugins list.
Nessus mostly depends upon volunteers to write, submit, and suggest
improvements to plugins. I'm not saying you should have to learn NASL
and script them yourself, but that there are many people who could have
used your ideas. M apologies if you have already done that.
James
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT