
Virtual Domain Scanning Bug

Subject: Virtual Domain Scanning Bug
Date: Sun, 29 May 2005 15:52:44 -0700 (MST)

I believe we have found a bug in Nessus' implementation of HTTP(S) virtual domain scanning. Using Nessus 2.2.4. The syntax to scan the target is ip[hostname], for example 10.0.0.2[www.foo.com].


The bug crops up when the hostname resolves to a different IP than the one specified. The scenario is:

* 10.0.0.2 is a web server that hosts many virtual domains. One of the domains it responds to is www.foo.com.

* www.foo.com only resolves to 192.168.2.10 (no round-robin DNS).

* Starting a Nessus scan with the target specified as "10.0.0.2[www.foo.com]", Nessus seems to look up www.foo.com and proceed to do the actual scan on 192.168.2.10, when it should be scanning 10.0.0.2, since that was the target IP given to Nessus. Thus, Nessus is scanning an IP address that was NOT supposed to be scanned.

I know this is an unusual setup, and the above scenario is just an example. Nonetheless, it does look like a bug in Nessus is causing it to scan the wrong IP in this case. Thoughts?

~Jay

--
..
..  Jay Jacobson
..  Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
..  Private-Labeled Managed Vulnerability Assessment Services
..

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
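
A pre-scan scope check for the ip[hostname] target syntax described in the message above, as an added example that is not part of the original post and not Nessus code. It flags any target whose hostname resolves to an address other than the pinned IP; the `preflight` and `sample_resolve` names, the injected resolver, and the www.bar.com entry are assumptions made for illustration.

```python
import ipaddress
import re

# Target syntax from the post: ip[hostname], e.g. 10.0.0.2[www.foo.com]
TARGET_RE = re.compile(r"^(?P<ip>[^\[\]\s]+)\[(?P<host>[^\[\]\s]+)\]$")

def parse_target(target):
    """Split 'ip[hostname]' into (ip, hostname); raise ValueError otherwise."""
    m = TARGET_RE.match(target.strip())
    if not m:
        raise ValueError(f"not in ip[hostname] form: {target!r}")
    ip = str(ipaddress.ip_address(m.group("ip")))  # ValueError if not an IP
    return ip, m.group("host").lower().rstrip(".")

def preflight(target, resolve):
    """Build the intended connection plan and list DNS answers outside scope.

    `resolve` is a hypothetical callable mapping hostname -> iterable of IP
    strings; in real use it would wrap socket.getaddrinfo.
    """
    ip, host = parse_target(target)
    resolved = {str(ipaddress.ip_address(a)) for a in resolve(host)}
    return {
        "connect_ip": ip,        # the only address that is in scope
        "host_header": host,     # virtual host to request on that address
        "dns": sorted(resolved),
        # Addresses a scanner would reach if it re-resolved the hostname.
        "out_of_scope_if_resolved": sorted(resolved - {ip}),
    }

# Constructed DNS data: www.foo.com mirrors the post, www.bar.com is made up.
SAMPLE_DNS = {"www.foo.com": {"192.168.2.10"}, "www.bar.com": {"10.0.0.2"}}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, set())

if __name__ == "__main__":
    for t in ("10.0.0.2[www.foo.com]", "10.0.0.2[www.bar.com]"):
        plan = preflight(t, sample_resolve)
        status = "MISMATCH" if plan["out_of_scope_if_resolved"] else "ok"
        print(f"{t}: {status} {plan}")
```

A non-empty `out_of_scope_if_resolved` list means the scan should be held until it is confirmed that the scanner connects to `connect_ip` rather than to the DNS answer.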
