Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: netstat scanner

from [Michel Arboi] Network Security [Permanent Link]
Subject: Re: netstat scanner
Date: Tue, 17 Aug 2004 15:58:34 +0200 
On Tue Aug 17 2004 at 15:12, Hugo van der Kooij wrote:


If your scan kills anything then you have a problem and the problem is NOT
called nessus. It is the machine that is not resilient enough and not
shielded enough that is your problem.


I agree at 90% (I love to code DoS plugins :) but the situation is not
so simple:

1. As far as I know, on a civil point of vue, you are responsible if
you destroy something, unless you warned your customer of _all_
risks. You cannot just say "I am responsible for nothing, whatever
happens, please sign here". Such a contract is void.
This is at least the situation in France, and I suppose that this is
true in many other countries.

2. Suppose you have a banking application that transfers billions of
dollars every day. You don't want to break it, because every minute
costs. The easy solution is to avoid it (don't scan, don't even look
at it!) but on the way you prefer to find a flaw before the bad guys.
Maybe there is an identical test machine: you can play with it. Or
maybe not. Or maybe the test machine is the backup machine, and it
should remain available "just in case"...

-- 
arboi@alussinan.org     http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
NASL2 reference manual http://michel.arboi.free.fr/nasl2ref/
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OS version detection esp. Mac OS, Renaud Deraison
Next by Date:  netstat on UDP?, Michel Arboi
Previous by Thread:  Re: netstat scanner, Hugo van der Kooij
Next by Thread:  Re: netstat scanner, Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]