[MLUG] Security Scanners/Network Security/Nessus/Etc.

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: EMAIL:PROTECTED
Subject: [MLUG] Security Scanners/Network Security/Nessus/Etc.
From: Jason McIntosh <EMAIL:PROTECTED>
Date: 06 Mar 2003 12:09:24 -0600
List-archive: <http://mlug.missouri.edu/pipermail/members>
List-help: <mailto:EMAIL:PROTECTED>
List-id: MLUG Members <members.mlug.missouri.edu>
List-post: <mailto:EMAIL:PROTECTED>
List-subscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
List-unsubscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
Organization: MLUG
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

General question which may have been asked before, but updated responses
are of course welcome :)

We're doing network scans (or attempting to) using various tools. 
Primarily right now, we're using Nessus & Nmap.  However, Nessus doesn't
seem to identify things all that well.  Further, it'd be nice to have a
scanner which could identify things like the "WeatherBug" spyware or
other oddities.  

An example of this - there was a radio station that had an open port. 
Nessus identified it incorrectly as a webserver (b/c it kinda responded
that way) but it was really the software opening the port, and then on
request spitting binary data of some sort back (guessing music or
something like that).

The questions I have for the list are as follows:
1)  What security scanning software does everyone use/recommend?  Is
Nessus & Nmap the standard?
2)  What applications can be used to identify spyware?
3)  The idea is we're wanting to shutdown many of the net radio players
such as spinner due to a concern that they might be security holes. 
Does anyone know whether this is the case or have other comments on
this?
4)  The last time I did a general network scan with Nessus, a LOT of our
JetDirect or HP networked printers started printing garbage, and then
had to be reset.  Has anyone else seen this with Nessus?  Is there a way
to fix either the printers or Nessus so this wouldn't happen and we can
do regular scans again?
5)  What mailing lists are available (low traffic, preferrably) for
discussions of such issues?  Is there one on the MU campus?  If so, how
does one get subscribed, the listname, etc.?
6)  Nessus identifies a lot of things, but at the same time, doesn't
really test them out to find whether the "identified" things are
actually vulnerable.  An example is a lot of the SMB errors reported. 
Is there a decent tool for testing these reported vulnerabilities out?

Any advice, comments, etc. are welcome.  I do pretty well with TCP/IP
work, as well as being able to hit and fix a lot of the common stuff
identified using Nessus, but as said - there have been some problems
with Nessus and I'm always curious to see what else is out there, known,
etc.
Thanks!
Jason McIntosh
-- 
/--------------------------------------|---------------------------\
| Jason McIntosh                       | CELL: 573-424-7612        |
| Webmaster, thinker, Programmer, etc. | WORK: 573-884-3865        |
| http://poetshome.com/                |                           |
|------------------------------------------------------------------|
|"How should I know if it works?  That's what beta testers are     |
|for.  I only coded it."                                           |
|(Attributed to Linus Torvalds, somewhere in a posting)            |
\--------------------------------------|---------------------------/


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (GNU/Linux)

mQGiBD5AMRERBACcxAJ7hiB6udEDefnAksb49o6BDVC2bxdUTwkxP9jS0BmLqbQL
egYYt09WjEJtn4eRuVdkku7A0fi/G8NIsXnE9oMKnWkqg2tjQ8q65D64Cass5zEU
WG6j8qABpxpZNP9HGSTqm0yeYTR9f0dGaS6jZbxgme6hU0XDOGH3ug6/qwCg0j1h
gYkkNl3jbPuwtpCrTIxSUYsD/0J18alKrswomFJfoRgjA7S9AezlV7YJoU3dCLSV
6D19SAVwmseTRltJm0S8e8Yf6Bq9l+1OdsJCHtT+HYBVuB0PmL8PDhJg6vAzIZlt
5c3hkfJrSSCssRSMBIr+8Hl2HBU4tKB79L2cI3Nrij+5DJTVzIa5QpvsFDAIO2Cp
Ma/hA/9vOPY2PyoAWKb3JAQV8T2h7/rjzePxOv0WYI2/6THdgh2lLUP+GJ4FdH76
I/8d+qtiAzul/Zq2LkFvpejnu41dDZn+yhgsVTkz/xTRKWQX9sOud0QjvyN0nHD9
KqisFRgs1ByINQcWNK8KpwgLcBRLVS4EALDn5R6yL6AT6poT7bQ8SmFzb24gTWNJ
bnRvc2ggKFByb2dyYW1tZXIvQW5hbHlzdCkgPE1jSW50b3NoSkBtaXNzb3VyaS5l
ZHU+iF8EExECAB8FAj5AMREFCQHhM4AECwcDAgMVAgMDFgIBAh4BAheAAAoJEGZP
+3FaGjd1P9IAoJQL5kaHEjG1TNVSt20bAXDx/DzmAJ4pVTDnpWUPNCxk+/kMBlGe
bO97ObkCDQQ+QDEfEAgAjl6vRTDWrMTUfXyngnWAgU/3wRZmjcKONhCGcpqFOFR/
2CiMeeJOnNXgSzrPxIfUJphlh00vBm1K/ngllg3MGFI9hOffuLuHXiw8e/Yc87uz
YdtglWHeUz/9YQCe4ndKohtk7nZHUoxQd5OspJxYJH5J5cysSuH2V839NtNPJKBZ
ai0VhyTFZKD3v9xTC8ZyMEO022bpkhWz1cs/9l5z4g2eg7mOwe+hJstMQFHk77Zr
GbkPwi+gWwM/b2pxigz1xhQpHpR5HrO/4yM8zWYZHUbUGwxiuTJqKktFEVUKUFDD
xopIpOAMOy0qVs+wXS5buJSduSgDxPmKq0xZFsJiZwADBwgAi66pXMCTolMQzn50
MAs9KRK6+3XphI+InmzfN+/OVknwzkAkGhRfisYI0DyN/26wSkn+zyoE87NBuUQt
xtcNOpwwxS2WCqBx3PhtpVJ6yvaeFmSe3QC2lUf8418B2C6GR/e6IOPNhVW1cnhP
IR0/yY8c8zQrJxEZNhBtj2SrkLY6Ps7j97lI8n+u21YC2/a5P3TPCa3x0w0m0APB
zJrhXuNGwPcNtxqKZDz7m9KuROSijx0Xm1buQkGfDZqkqA1D8ljN2vdA+jx/v1eq
H27iXk2iZ+i8bOyoiflniKh6nrd2UlVPvzmLscpiUf0rEGQuBV0Sq5AUUqO7MQM+
L8jCYYhMBBgRAgAMBQI+QDEfBQkB4TOAAAoJEGZP+3FaGjd1yhMAnjAwU37EIok3
WZu1BXhaD9y1ryjBAKC7fnv7AdrVrxdXkmdgdA5jxUFXOg==
=ueqZ
-----END PGP PUBLIC KEY BLOCK-----

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

Prev by Date: Re: [MLUG] Password auth in httpd
Next by Date: [MLUG] Security Scanners/Network Security/Nessus/Etc.
Previous by thread: RE: [MLUG] Distributed SMB filesystem
Next by thread: [MLUG] Security Scanners/Network Security/Nessus/Etc.
Index(es):
- Date
- Thread