Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Updating Plugins in rc File, Safe Checks

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: Updating Plugins in rc File, Safe Checks
Date: Wed, 25 Jan 2006 20:54:32 -0500 
On Wed, Jan 25, 2006 at 02:05:45PM -0600, Brent Stackhouse wrote:


1.  I've got multiple rc files I'm using for different scan targets but
I'm not clear on how to update them with the latest plugins.
Specifically, I'm using cron jobs to execute scripts that use the
NessusClient with various options.  Does the -p option have any impact
on this?  I saw some "update-nessusrc" script floating around but
wondered if there was a better/newer way to deal with this issue.


The "-p" option to nessus or NessusClient queries a server for a list of
plugins currently available there. The trick is then to figure out which
ones to enable and which to disable. And this is where the
update-nessusrc scripts come in:

  Edgeos' python-based update-nessusrc.py
    http://www.edgeos.com/resources/

  My perl-based update-nessusrc
    http://www.tifaware.com/perl/update-nessusrc/

Mine probably has some additional functionality not in Edgeos' script,
but grab them both and judge for yourself.


2.  Has anyone experienced issues in Nessus 3.x with "knocking over"
devices by enabling all plugins _with_ Safe Checks enabled?  


This isn't something specific with Nessus 3.x or even Nessus itself.
Enabling safe checks disables plugins that _try_ to crash a service /
host, but it's no guarantee that, say, a device with a
poorly-implemented TCP/IP stack will stay up when you port-scan it.

This topic comes up periodically on the list. There was even talk
several years ago of compiling a list of problemmatic equipment; eg, see

  http://mail.nessus.org/pipermail/nessus/2003-December/msg00060.html

There are some techniques you can follow to minimize the likelihood of
crashes, and the above also references a post by Renaud that outlines
some of them.

By the way, you may want to look at Tenable's NeVO product --
http://www.tenablesecurity.com/products/nevo.shtml -- whether to replace
or complement Nessus. It's a passive scanner that detects flaws simply
by monitoring network traffic.


George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Linux client connection error, George A. Theall
Next by Date:  Re: Updating Plugins in rc File, Safe Checks, Brent Stackhouse
Previous by Thread:  Updating Plugins in rc File, Safe Checks, Brent Stackhouse
Next by Thread:  Re: Updating Plugins in rc File, Safe Checks, Brent Stackhouse
Indexes:  [Date] [Thread] [Top] [All Lists]