Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: how to learn nessus - reg

from [Lachniet, Mark] Network Security [Permanent Link]
Subject: RE: how to learn nessus - reg
Date: Thu, 29 Sep 2005 15:31:46 -0400 
Since we're waxing poetic about scanning mistakes, I know of a certain
individual >cough< who pointed a scan at their K12 school district, and
messed up such that the tool recursed up the DNS tree and hit all the
K12 sites in his state (or at least all of those until it was noticed
and turned off).  That was back in the way early days of Nessus.
Another good lesson, don't just press the button and leave for the night
:)

FWIW, I put together what I thought at the time was a reasonable list of
things that a person should know about Nessus, but it was just an
outline, and no actual training info.  Its at
http://lachniet.com/lpi/Nessus.htm.  A person could start researching
these items till they understood them all to get a start at learning the
tool.

Mark


-----Original Message-----
From: nessus-bounces@list.nessus.org 
[mailto:nessus-bounces@list.nessus.org] On Behalf Of George A. Theall
Sent: Thursday, September 29, 2005 3:18 PM
To: nessus@list.nessus.org
Subject: Re: how to learn nessus - reg

On Thu, Sep 29, 2005 at 08:47:30AM -0700, uber haxor wrote:


Also remember these
tools have a purpose. It was a two million dollar outage that I was 
troubleshooting for ten hours because our Information 

Assurance Green 

Team set Nessus to run automated and had their flags wrong. 

The result 

was a DoS from the inside of the network, and with all the 
disinformation that we received, it took way too long to figure it 
out.


Amen to that!

In an earlier life, I administered a mission-critical mail 
system for a hospital that crashed several times because, we 
later found out, the security administrator was playing 
around with nmap! The problem wasn't with nmap per se but 
with the vendor's poorly designed TCP/IP stack -- any scanner 
would have caused it to crash.

I suppose you could think of scanner as a chef's knife -- if 
you're not careful, you can hurt yourself really badly; but 
in the hands of a skilled chef, it can produce some terrifc results.

George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: how to learn nessus - reg, George A. Theall
Next by Date:  Simple password tests, Bill Petersen
Previous by Thread:  Re: how to learn nessus - reg, George A. Theall
Next by Thread:  Nessus crashed Tivoli DSM service and POP & IMAP services, Michael Hale
Indexes:  [Date] [Thread] [Top] [All Lists]