Send Nessus mailing list submissions to
nessus@list.nessus.org
To subscribe or unsubscribe via the World Wide Web, visit
http://mail.nessus.org/mailman/listinfo/nessus
or, via email, send a message with subject or body 'help' to
nessus-request@list.nessus.org
You can reach the person managing the list at
nessus-owner@list.nessus.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Nessus digest..."
Today's Topics:
1. Printer problems (Jared M Breland)
2. Re: Printer problems (Hugo van der Kooij)
3. Re: Printer problems (Jared M Breland)
4. Re: Printer problems (Renaud Deraison)
5. Nessus 2.0.12 on AIX (Neil Lewinski)
6. Question about updating plugins. (Kevin McNamee)
7. Re: Question about updating plugins. (George Theall)
8. Default Unix Accounts and SSH (Nick Strecker)
9. RE: Printer problems (c.houle@bell.ca)
10. Re: Default Unix Accounts and SSH (Renaud Deraison)
----------------------------------------------------------------------
Message: 1
Date: Tue, 19 Oct 2004 10:32:31 -0500
From: "Jared M Breland" <Jared.Breland@ipaper.com>
Subject: Printer problems
To: nessus@list.nessus.org
Message-ID:
<OF7E8C72F7.F05E79FF-ON86256F32.0054C88C-86256F32.005532EE@ipaper.com>
Content-Type: text/plain; charset="us-ascii"
I'm running a scan against a rather large subnet of Windows desktops.
However, several network printers are also on this subnet. When one of
these printers gets hit, it prints out about 10 pages of garbage data.
I searched through the archives and found several mentions of this in the
past, but I didn't see a solution for it. Has anyone come up with a good
way to stop this from happening?
Thanks.
--
Jared Breland
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20041019/23a6bfe0/attachment.html
------------------------------
Message: 2
Date: Tue, 19 Oct 2004 20:12:22 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
Subject: Re: Printer problems
To: nessus@list.nessus.org
Message-ID:
<Pine.LNX.4.58.0410192011130.2183@gandalf.hugo.vanderkooij.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 19 Oct 2004, Jared M Breland wrote:
I'm running a scan against a rather large subnet of Windows desktops.
However, several network printers are also on this subnet. When one of
these printers gets hit, it prints out about 10 pages of garbage data.
I searched through the archives and found several mentions of this in the
past, but I didn't see a solution for it. Has anyone come up with a good
way to stop this from happening?
Evade the printers. Adding them as restricted hosts in your rules could be
one way but you must do this through manual labor.
Hugo.
--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.
------------------------------
Message: 3
Date: Tue, 19 Oct 2004 14:23:25 -0500
From: "Jared M Breland" <Jared.Breland@ipaper.com>
Subject: Re: Printer problems
To: nessus@list.nessus.org
Message-ID:
<OFE80287BF.C6DCF819-ON86256F32.0069F9C3-86256F32.006A56EA@ipaper.com>
Content-Type: text/plain; charset="us-ascii"
nessus-bounces@list.nessus.org wrote on 10/19/2004 01:12:22 PM:
I'm running a scan against a rather large subnet of Windows desktops.
However, several network printers are also on this subnet. When one
of
these printers gets hit, it prints out about 10 pages of garbage data.
I searched through the archives and found several mentions of this in
the
past, but I didn't see a solution for it. Has anyone come up with a
good
way to stop this from happening?
Evade the printers. Adding them as restricted hosts in your rules could
be
one way but you must do this through manual labor.
Well, that's one option that I certainly thought of, however we probably
have about 40 printers on this subnet (it's a 22-bit subnet). Tracking
down the IP address for each and every printer would be rather difficult.
I just recently picked up new the Nessus book, and it says that "Nessus
now incorporates a test to specifically detect whether the IP being
scanned is a printer, and, if this is the case, prevent the scan from
testing that IP's printing-related ports." Obviously that's not happening
in this case, but the capability must exist, right? Is there any special
configuration that needs to be done to make this work?
--
Jared Breland
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20041019/efcb1695/attachment.html
------------------------------
Message: 4
Date: Tue, 19 Oct 2004 15:27:42 -0400
From: Renaud Deraison <deraison@nessus.org>
Subject: Re: Printer problems
To: Jared M Breland <Jared.Breland@ipaper.com>
Cc: nessus@list.nessus.org
Message-ID: <20041019192742.GA11131@nessus.org>
Content-Type: text/plain; charset=us-ascii
On Tue, Oct 19, 2004 at 02:23:25PM -0500, Jared M Breland wrote:
I just recently picked up new the Nessus book, and it says that "Nessus
now incorporates a test to specifically detect whether the IP being
scanned is a printer, and, if this is the case, prevent the scan from
testing that IP's printing-related ports." Obviously that's not happening
in this case, but the capability must exist, right? Is there any special
configuration that needs to be done to make this work?
You're correct. Please sacrifice one of your printers by doing a full
scan on it, send me the full report you are getting (as well as the KB
file) and I'll update the appropriate plugin.
Note however that printer detection occurs _after_ the port scan, so if
a mere portscan cause your printers to print tons of white pages,
there's not much I can do :(
-- Renaud
------------------------------
Message: 5
Date: Tue, 19 Oct 2004 16:20:09 -0400
From: Neil Lewinski <neil.lewinski@wmich.edu>
Subject: Nessus 2.0.12 on AIX
To: Nessus@list.nessus.org
Message-ID: <46325123-220C-11D9-B388-003065E235DC@wmich.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed
I am new to the list, but I looked over the list archives
in hopes that someone can shed some light on my problem.
I have built Nessus 2.0.12 on AIX 5.2 ML04 using gcc 3.3.2,
and all seems to be well. The Nessus daemon, however,
does not open port 1241 for listening, and it does not
complain either. On a linux box the nessus-installer.sh
worked like a champ, and I can scan from there with
no issues. The Nessus client (with X) that builds along
with the daemon fires up without a hitch, but the
daemon itself is not working for me.
Does anyone have experience with Nessus on AIX?
I would be grateful for any help that is offered.
Thanks in advance for your time.
---
Neil D Lewinski
Western Michigan University email: neil.lewinski@wmich.edu
Office of Information Technology voice: 269.387.0939
Administrative Systems Group
------------------------------
Message: 6
Date: Tue, 19 Oct 2004 18:57:31 -0400
From: "Kevin McNamee" <kevin.mcnamee@alcatel.com>
Subject: Question about updating plugins.
To: <nessus@list.nessus.org>
Message-ID: <011201c4b62f$04505c30$8e85788a@ca.alcatel.com>
Content-Type: text/plain; charset="iso-8859-1"
I downloaded the latest plugins (all-2.0.tar.gz) and un-tarred them into the
plugins directory on top of what was already there. When I scan a host it
appears to work quite quickly, but there is no network traffic and the scan
report is completely empty. When I reverted to the backup of my original
plugins directory, everything works normally.
What have I done wrong?
Kevin.
------------------------------
Message: 7
Date: Tue, 19 Oct 2004 19:58:44 -0400
From: George Theall <theall@tifaware.com>
Subject: Re: Question about updating plugins.
To: nessus@list.nessus.org
Message-ID: <20041019235844.GA32618@tifaware.com>
Content-Type: text/plain; charset="us-ascii"
On Tue, Oct 19, 2004 at 06:57:31PM -0400, Kevin McNamee wrote:
I downloaded the latest plugins (all-2.0.tar.gz) and un-tarred them into the
plugins directory on top of what was already there.
....
What have I done wrong?
You need to HUP nessusd to have it reread the plugins. nessus-update-plugins
takes care of this and retrieves / installs the latest plugin set too.
George
--
theall@tifaware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://mail.nessus.org/pipermail/nessus/attachments/20041019/010bf876/attachment.bin
------------------------------
Message: 8
Date: Tue, 19 Oct 2004 19:01:20 -0700
From: Nick Strecker <nick@squaretrade.com>
Subject: Default Unix Accounts and SSH
To: nessus@list.nessus.org
Message-ID: <4175C6F0.7050508@squaretrade.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
I'm unable to get Nessus to report default UNIX accounts over SSH.
Detection works fine over telnet. The error message I get in auth.log
(under debian linux) or system.log (under Mac OS X) is:
sshd[442]: Did not receive identification string from 172.16.200.15
sshd[443]: Bad protocol version identification 'GET / HTTP/1.0' from
172.16.200.15
Do I have something misconfigured? Any thoughts/suggestions?
Also, I'm curious as to why Nessus has so few (35) of these
unpassworded/default unix account checks? A search on google turned up
the following link (http://bsrf.org.uk/tutorials/defaultpasswords.html)
which, even if I narrow in on just Generic UNIX accounts, includes an
additional 125+ default user names/passwords that aren't currently
covered by Nessus.
--Nick
------------------------------
Message: 9
Date: Tue, 19 Oct 2004 15:31:40 -0400
From: c.houle@bell.ca
Subject: RE: Printer problems
To: nessus@list.nessus.org
Message-ID: <0AACD52849A1064382A46CCBF06FC82001273478@Toroondc912>
Content-Type: text/plain; charset=iso-8859-1
Don't know about that config but with the help of the HMAP, SNMP & a few other
plug-ins, you should be able to identify most of the printers quickly & then
remove them.
Regards,
--
CH
-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of Jared M Breland
Sent: October 19, 2004 3:23 PM
To: nessus@list.nessus.org
Subject: Re: Printer problems
nessus-bounces@list.nessus.org wrote on 10/19/2004 01:12:22 PM:
I'm running a scan against a rather large subnet of Windows desktops.
However, several network printers are also on this subnet. ?hen one of
these printers gets hit, it prints out about 10 pages of garbage data.
I searched through the archives and found several mentions of this in the
past, but I didn't see a solution for it. ?as anyone come up with a good
way to stop this from happening?
Evade the printers. Adding them as restricted hosts in your rules could be
one way but you must do this through manual labor.
Well, that's one option that I certainly thought of, however we probably have
about 40 printers on this subnet (it's a 22-bit subnet). ?racking down the IP
address for each and every printer would be rather difficult.
I just recently picked up new the Nessus book, and it says that "Nessus now
incorporates a test to specifically detect whether the IP being scanned is a
printer, and, if this is the case, prevent the scan from testing that IP's
printing-related ports." ?bviously that's not happening in this case, but the
capability must exist, right? ?s there any special configuration that needs
to be done to make this work?
--
Jared Breland
------------------------------
Message: 10
Date: Wed, 20 Oct 2004 08:52:33 -0400
From: Renaud Deraison <deraison@nessus.org>
Subject: Re: Default Unix Accounts and SSH
To: nessus@list.nessus.org
Message-ID: <20041020125233.GA16292@nessus.org>
Content-Type: text/plain; charset=us-ascii
On Tue, Oct 19, 2004 at 07:01:20PM -0700, Nick Strecker wrote:
I'm unable to get Nessus to report default UNIX accounts over SSH.
Detection works fine over telnet. The error message I get in auth.log
(under debian linux) or system.log (under Mac OS X) is:
sshd[442]: Did not receive identification string from 172.16.200.15
sshd[443]: Bad protocol version identification 'GET / HTTP/1.0' from
172.16.200.15
Do I have something misconfigured? Any thoughts/suggestions?
Are you sure you compiled your nessusd with OpenSSL support ?
(this is indicated if you do a nessusd -d)
Also, I'm curious as to why Nessus has so few (35) of these
unpassworded/default unix account checks? A search on google turned up
the following link (http://bsrf.org.uk/tutorials/defaultpasswords.html)
which, even if I narrow in on just Generic UNIX accounts, includes an
additional 125+ default user names/passwords that aren't currently
covered by Nessus.
Because checking for such accounts by telnet is very slow :( Until now,
we had to get a balance between completeness and speed. Now that Michel
introduced the "thorough checks" options we could definitely increase
the number of checks by a great deal.
-- Renaud
------------------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
End of Nessus Digest, Vol 12, Issue 20
**************************************
