
Re: netstat scanner

Subject: Re: netstat scanner
Date: Wed, 25 Aug 2004 22:22:30 +0200
On Tue Aug 24 2004 at 23:57, Pavel Kankovsky wrote:

Well, you can always give the customer a copy of Nessus, let them run it
themselves and charge money for the interpretation of its output. :)

And you'll be responsible because you gave him the software bomb :)

Well...if you have a banking application transferring billions of dollars
every day, then every piece of the system must be triplicated (at least).

Unfortunately, a bad cluster is worse than nothing. 
The only thing that is sure is that redundancy adds complexity,
i.e. fragility.  Then if the system is well designed, you will increase
the global reliability. Maybe.

I have some horror stories:
- some old versions of IBM HACMP crashed when you run snmpwalk on the
shared IP address (IIRC). The bug is referenced by IBM in their
archives, but not widely known.
- I've seen an asymmetric cluster where the application took more
than an hour to rebuild its database after a switch from the master to
the slave machine.
- with Nessus, I crashed a load balancer while scanning machines
behind it. The load balancing function had been switched off during
the test, I was scanning the offline machines, and the gizmo was
supposed to act as a simple router. The attack was 3+ years old
(stream?) but the bug was not known.

-- 
arboi@alussinan.org     http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
NASL2 reference manual http://michel.arboi.free.fr/nasl2ref/
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
