Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Nessus Plugin ID 11188

from [Hemsley, Trevor] Network Security [Permanent Link]
Subject: RE: Nessus Plugin ID 11188
Date: Fri, 27 Aug 2004 16:56:33 +0100 
The problem with this test is that it alerts if it finds anything listening on 
port 7100 if it is run in safe checks mode. The vulnerability only exists in 
some (really old) versions of the Sun font server but this test alerts on any 
font server including ones running on Windows boxes etc. I did start trying to 
look at this to see if there was any way to get more info out of the remote 
server about what it was but had trouble finding any doc on its workings and 
ended up giving up :-(

-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org]
Sent: 27 August 2004 16:26
To: Christopher J Bidwell
Cc: nessus@list.nessus.org
Subject: Re: Nessus Plugin ID 11188


On Fri Aug 27 2004 at 17:16, Christopher J Bidwell wrote:


The NOBODY users exists to own nothing and to be able to do nothing
dangerous.


1. nobody should not own anything. But who knows?
2. The fact that it owns nothing does not prove that it cannot be
dangerous. There are many local holes. Much more than network
holes. Common wisdom says that if an intruder got an unprivileged
access, you should consider that he managed to get root afterwards and
have to reinstall your machine.


I think this test should be CORRECTED in Nessus and the vulnerability
ignored.


Forbidden remote access shoud definitely NOT be ignored.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


__________________________________________________________________________
This e-mail and the documents attached are confidential and intended 
solely for the addressee; it may also be privileged. If you receive this 
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group 
liability cannot be triggered for the message content. Although the 
sender endeavours to maintain a computer virus-free network, the sender 
does not warrant that this transmission is virus-free and will not be 
liable for any damages resulting from any virus transmitted.
__________________________________________________________________________
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Throttling down scans, Michel Arboi
Next by Date:  Re: Nessus Update Plugin Script..., aggunia
Previous by Thread:  Re: Nessus Plugin ID 11188, Michel Arboi
Next by Thread:  NeWT XML to NBE, Erik Stephens
Indexes:  [Date] [Thread] [Top] [All Lists]