Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: update-nessusrc script usage

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: update-nessusrc script usage
Date: Wed, 22 Feb 2006 21:32:14 -0500 
On Wed, Feb 22, 2006 at 02:40:23PM -0800, Ameet Zaveri wrote:


I am using the update-nessusrc script to keep the NessusClient
config file updated. With the default settings, it disables all
the "dangereous" plugins in the Denial of Service family. 


My update-nessusrc script disables by default "dangerous" plugins, which
are defined as those in the ACT_DENIAL, ACT_DESTRUCTIVE_ATTACK,
ACT_FLOOD, and ACT_KILL_HOST *categories*, not families. The former
refer to how the plugin behaves while the later reflect the type of flaw
covered by the plugin.

Consider, for example, plugin 20394 (eims_328.nasl). Since it is
checking for DoS flaws in Eudora Internet Mail Server, it belongs in the
"Denial of Service" family; but since it only checks various service
banners, it's in the ACT_GATHER_INFO category.


It
also seems to disable some plugins in "CGI Abuses" family. 


"Seems to"?  Have you run the script in debug mode and examined its output?


Is
this as designed? The plugin ids are 20922-20928. Are these
supposed to be dangerous.


No, that's not how it should work. And given that the plugins you list
form a nice and somewhat recent sequence, I suspect something else is
happening. Did you update plugins on the server without subsequently
running update-nessusrc? What are the statuses of plugins such as 20950
- 20961?

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: need help for 2.2.6 GUI, Jan-Oliver Wagner
Next by Date:  Re: Default password attempting, George A. Theall
Previous by Thread:  update-nessusrc script usage, Ameet Zaveri
Next by Thread:  Re: update-nessusrc script usage, Tobias Glemser
Indexes:  [Date] [Thread] [Top] [All Lists]