Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: update-nessusrc script usage

from [Tobias Glemser] Network Security [Permanent Link]
Subject: Re: update-nessusrc script usage
Date: Thu, 23 Feb 2006 13:51:07 +0100 
Ah, after todays update I also have those plugins you're talking about :)

ID: 20922 Category: infos Family: Red Hat Local Security Checks
ID: 20923 Category: infos Family: SuSE Local Security Checks
ID: 20924 Category: infos Family: Gain root remotely
ID: 20925 Category: attack Family: CGI abuses
ID: 20926 Category: infos  Family: CGI abuses
So only two of five are CGI-Abuses and none are flagged as dangerous.

> With the default settings, it disables all
> the "dangereous" plugins in the Denial of Service family.
Not mine :) Try to set safe_checks = yes to disable dangerous plugins in the nessus config file.

I don't understand why you're not just running "nessus-update" if you're using a graphical user interface to adjust your scanner settings. update-nessusrc is normally used to generate a rc-file as config-input for a command-line scan.

Cheers,
Toby

Tobias Glemser wrote on 23.02.2006 10:37: 
Ammet,

just have a look in the corresponding nasl files or use a client to check if the plugins are supposed to cause a DoS.
Sadly, I didn't find the IDs you've given in my up2date 2.6 installation, so I couldn't check.

Cheers,
Toby

Ameet Zaveri wrote on 22.02.2006 23:40: 
I am using the update-nessusrc script to keep the NessusClient
config file updated. With the default settings, it disables all
the "dangereous" plugins in the Denial of Service family. It
also seems to disable some plugins in "CGI Abuses" family. Is
this as designed? The plugin ids are 20922-20928. Are these
supposed to be dangerous.




__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: update-nessusrc script usage, Tobias Glemser
Next by Date:  Re: Nessus 3.0.1, George A. Theall
Previous by Thread:  Re: update-nessusrc script usage, Tobias Glemser
Next by Thread:  need help for 2.2.6 GUI, prasun . m
Indexes:  [Date] [Thread] [Top] [All Lists]