You can use iptraf to monitor and log traffic, and as connections
are made, you can find out whether it should have been accepted
or not.
On Thu, 6 Mar 2003, Jason McIntosh wrote:
> General question which may have been asked before, but updated responses
> are of course welcome :)
>
> We're doing network scans (or attempting to) using various tools.
> Primarily right now, we're using Nessus & Nmap. However, Nessus doesn't
> seem to identify things all that well. Further, it'd be nice to have a
> scanner which could identify things like the "WeatherBug" spyware or
> other oddities.
>
> An example of this - there was a radio station that had an open port.
> Nessus identified it incorrectly as a webserver (b/c it kinda responded
> that way) but it was really the software opening the port, and then on
> request spitting binary data of some sort back (guessing music or
> something like that).
>
> The questions I have for the list are as follows:
> 1) What security scanning software does everyone use/recommend? Is
> Nessus & Nmap the standard?
> 2) What applications can be used to identify spyware?
> 3) The idea is we're wanting to shut down many of the net radio players
> such as spinner due to a concern that they might be security holes.
> Does anyone know whether this is the case or have other comments on
> this?
> 4) The last time I did a general network scan with Nessus, a LOT of our
> JetDirect or HP networked printers started printing garbage, and then
> had to be reset. Has anyone else seen this with Nessus? Is there a way
> to fix either the printers or Nessus so this wouldn't happen and we can
> do regular scans again?
> 5) What mailing lists are available (low traffic, preferably) for
> discussions of such issues? Is there one on the MU campus? If so, how
> does one get subscribed, the listname, etc.?
> 6) Nessus identifies a lot of things, but at the same time, doesn't
> really test them out to find whether the "identified" things are
> actually vulnerable. An example is a lot of the SMB errors reported.
> Is there a decent tool for testing these reported vulnerabilities out?
>
> Any advice, comments, etc. are welcome. I do pretty well with TCP/IP
> work, as well as being able to hit and fix a lot of the common stuff
> identified using Nessus, but as said - there have been some problems
> with Nessus and I'm always curious to see what else is out there, known,
> etc.
> Thanks!
> Jason McIntosh
>
> --
> /--------------------------------------|---------------------------\
> | Jason McIntosh | CELL: 573-424-7612 |
> | Webmaster, thinker, Programmer, etc. | WORK: 573-884-3865 |
> | http://poetshome.com/ | |
> |------------------------------------------------------------------|
> |"How should I know if it works? That's what beta testers are |
> |for. I only coded it." |
> |(Attributed to Linus Torvalds, somewhere in a posting) |
> \--------------------------------------|---------------------------/
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members