Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Unknown function

from [Devitto, Dom] Network Security [Permanent Link]
Subject: RE: Unknown function
Date: Fri, 15 Jun 2007 16:44:17 +0100 
One more follow-up question,

How come this is done "manually", rather than just invoking OpenSSH?
(especially considering the obvious multi-cipher support and other
benefits?)

Is this just for similar reasons to why using NMAP can be bad (40 hosts = 40
NMAP processes, = 40 x memory of one NMAP process etc. etc.) or is there a
more cunning reason?

I'm hoping that changing the tool is going to be easier than changing the
world...

Dom
Dom De Vitto  | Security Consultant
Virgin Media,  Crawley Court, Crawley, Winchester, Hants, SO21 2QA
M: 07855 805 271   D: 01483 87 5500   E: Dom.DeVitto@VirginMedia.co.uk
-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of Renaud Deraison
Sent: 10 June 2007 09:17
To: Nessus List
Subject: Re: Unknown function


On Jun 10, 2007, at 10:01 AM, Devitto, Dom wrote:


Two follow-ups to this:
1) Any plans to support SSHv1?
(or can I this be hack this in easily with unsupported botches? :-) )


No and no -- SSHv1 is a very different protocol, and you'd need to  
entirely rewrite ssh_func.inc




2) The Nessus_credial_checks.pdf says, under "What else can go  
wrong with my
host checks?" ...
"On UNIX systems, administrators that move SSH to ports other than 22"

But it appears that (now) Nessus can login whatever the SSH port  
used, as
long at detects (scans) the port that SSH is running on - correct?


This is correct. However if multiple SSH daemons are running on the  
remote host, then problems may occur.

have a good sunday,


                                -- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

------------------------------------------------------------------------------

Save Paper - Do you really need to print this e-mail?

Visit www.virginmedia.com for more information, and more fun.

This email and any attachments are or may be confidential and legally 
privileged and are sent solely for the attention of the addressee(s). If you 
have received this email in error, please delete it from your system: its use, 
disclosure or copying is unauthorised. Statements and opinions expressed in 
this email may not represent those of Virgin Media. Any representations or 
commitments in this email are subject to contract. Please note that we are 
migrating our email addresses to a company wide address of 
"@virginmedia.co.uk". If you are sending to a Telewest or ntl email address 
your email will be re-directed. 

Registered office: 160 Great Portland Street, London W1W 5QA. Registered in 
England and Wales with number 2591237


==============================================================================

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Discovery/Documentation, George A. Theall
Next by Date:  FALSE POSITIVE, John Scherff
Previous by Thread:  Re: Unknown function, Renaud Deraison
Next by Thread:  Nessus 3.1.4 (beta) available : bug fixes, 64 bits support, Renaud Deraison
Indexes:  [Date] [Thread] [Top] [All Lists]