RE: [ISSForum] Request to interrupt Internet Scanner on long scan?

Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan?
Date: Mon, 22 Nov 2004 12:31:24 +0100
Gary

See answers below.

Jean Paul

-----Original Message-----
From: Gary Love [mailto:garylove@nosc.mil] 
Sent: Thursday, November 18, 2004 9:38 PM
To: issforum@atla-mm1.iss.net
Cc: Ballerini, Jean Paul (ISS EMEA)
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan?

I've submitted a couple of enhancement requests.  I'm wondering if they've
been incorporated in the next release:

Enhancement ID: 418
Product: ISFSWS (Internet Scanner)
"During scan, when target hosts are shut down or taken off line, scanner
doesn't detect and continues scanning.  Scanning slows down to a crawl as
each check has to time out.  It would be nice if there was some kind of a
"heartbeat" ping that could alert console window that target host can no
longer be pinged."

Have not received Enhancement ID on this one:
3 related problems:
1) When a host is scanned and no vulnerabilities are found, the report
that gets generated treats such a host as if it were not scanned.  No
mention is made of it such as "Host XYZ was not found to be vulnerable for
any of the selected checks".

[Jean Paul Ballerini (ISS EMEA)] We only show vulnerable hosts in our
scans. We do not show not vulnerable hosts. However, you would see them
in user reports or Operating system reports.

2) When a host is supposed to be scanned but is unreachable, the report
doesn't mention that this occurred.

[Jean Paul Ballerini (ISS EMEA)] You can scan a host list but if it is
unreachable the only place you will see it is in the OS reports.

3) When a host is reachable and scanned but a firewall has blocked some of
the ports, the report doesn't mention that this has occurred.

[Jean Paul Ballerini (ISS EMEA)] Scanner does not know what ports your
firewall is blocking and will report what responses it gets back from
the target host. As a matter of scanning procedure we recommend an
iterative approach to scanning to take into consideration hosts that are
offline during any particular scan.

As a result, when we scan several hosts at a time, and then review the
report, it is hard to tell if the absence of data on host XYZ means there
were no vulnerabilities or if XYZ wasn't reachable. This has the potential
of causing a vulnerable but off-line host to be missed.


Gary Love garylove@nosc.mil
SAIC Enterprise Security Solutions

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On Behalf Of Ballerini, Jean Paul (ISS EMEA)
Sent: Thursday, November 18, 2004 5:33 AM
To: McCash, John; issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan?


Yes.
And there will be a progress bar.

Jean Paul

-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of McCash, John
Sent: Wednesday, November 17, 2004 7:19 PM
To: issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan?

I'm interested in this as well. Will we be able to manage it through the
SiteProtector console?
                Thanks
                        John McCash

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On Behalf Of Ballerini, Jean Paul (ISS EMEA)
Sent: Wednesday, November 17, 2004 2:09 AM
To: Dan Widger; issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan?

This is coming in SP2 for Internet Scanner in February.

Jean Paul

-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of Dan Widger
Sent: Monday, November 15, 2004 7:50 PM
To: issforum@atla-mm1.iss.net
Subject: [ISSForum] Request to interrupt Internet Scanner on long scan?

Is there any means to enable the whole ISS system, or any combination of
the parts of the ISS Scanner, to start a vulnerability scan, then <pause>
a scan, and then continue?

What I have in mind is a long scan that can only be run from Time:Start
(e.g. 2 a.m.) to Time:End (4 a.m.), and to pick up where it left off at
the next Time:Start, in a continuous cycle, until the scan is done?

Dan Widger

Security Engr

713\892-3471

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
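
The two requests in this thread (a scan that stops at the end of its window and resumes at the next one, and a report that distinguishes "scanned, nothing found" from "unreachable") can be combined in one small tracking layer around any scanner. The sketch below is an added example, not part of the thread and not ISS code: `probe`, `budget` (a stand-in for the time window), the status names and the sample hosts are all assumptions.

```python
from enum import Enum

class Status(Enum):
    PENDING = "not yet scanned"
    UNREACHABLE = "unreachable, retry in next window"
    CLEAN = "scanned, no findings"
    VULNERABLE = "scanned, findings present"

DONE = (Status.CLEAN, Status.VULNERABLE)

def run_window(targets, state, probe, budget):
    """Scan at most `budget` hosts in one window, updating `state` in place.

    probe(host) is a stand-in for the scanner: it returns None when the host
    does not answer, otherwise a (possibly empty) list of findings.
    """
    # Hosts never tried come first, then earlier no-shows are retried.
    todo = [h for h in targets if state.get(h, Status.PENDING) is Status.PENDING]
    todo += [h for h in targets if state.get(h) is Status.UNREACHABLE]
    for host in todo[:budget]:
        findings = probe(host)
        if findings is None:
            state[host] = Status.UNREACHABLE
        else:
            state[host] = Status.VULNERABLE if findings else Status.CLEAN
    return state

def coverage_report(targets, state):
    """One entry per target, so a host with no findings is never silent."""
    return {h: state.get(h, Status.PENDING).value for h in targets}

def is_complete(targets, state):
    return all(state.get(h) in DONE for h in targets)

def demo():
    # Constructed sample: four hosts, h3 is off line during the first window.
    targets = ["h1", "h2", "h3", "h4"]
    online = {"h1": [], "h2": ["finding-A"], "h4": []}
    state = {}
    run_window(targets, state, online.get, budget=3)   # window 1: h1, h2, h3
    first = coverage_report(targets, state)
    online["h3"] = ["finding-B"]                       # h3 is back on line
    run_window(targets, state, online.get, budget=3)   # window 2: h4, then h3
    return first, coverage_report(targets, state), is_complete(targets, state)

if __name__ == "__main__":
    for label, result in zip(("window 1", "window 2", "complete"), demo()):
        print(label, result)
```

Persisting `state` between windows (for example as a JSON file) is what lets the next window pick up where the previous one stopped.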