RE: nessus exceptions

From: Marc Heuse (marc.heuse@nruns.com)
Date: Wed Aug 04 2004 - 03:35:17 EDT


Hi chris,

using a fake ftp server which emulates anonymous ftp and logging all the
requests should do the trick.
ISS, Nessus, and all other scanners use a password for the anonymous login
which is unique.
e.g. Nessus uses "nessus@" as anonymous password, ISS "-iss@iss", even old
satan :-) uses "-satan@"
you can identify even webbrowsers and other security tools like amap/nmap
etc.

You can use honeyd (www.honeyd.org) for this.

Greets,
Marc

====================================================================
Marc Heuse
n.runs GmbH
Mobile Phone: +49-160-98925941
Key fingerprint = AE3F CDC0 8C7B 8797 BEAC 4BF8 EC8F E64B 0A84 EA10
====================================================================

-----Original Message-----
From: Chris Griffin [mailto:cgriffin@dcmindiana.com]
Sent: 02 August 2004 20:58
To: pen-test@securityfocus.com
Subject: nessus exceptions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,
Im trying to find some good holes, that aren't major security issues,
that i can create on a machine to see if our testing company really
uses anything other than nessus.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBDo7EeFLbG0PZdVwRAmaSAJ9gHU7w6vbI9DGKWa7xmUQ31qKSBQCgpcpq
cC69CeYr16OsfuYu6u1oe8U=
=bGZi
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT