Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: pcsync-https

from [Holstein, Robert - BLS CTR] Network Security [Permanent Link]
Subject: RE: pcsync-https
Date: Tue, 10 Jul 2007 16:22:31 -0400 
I don't recall for sure whether or not Veritas Netbackup even utilizes
ports in the 8000 range.  I could be mistaken. 
 
May I suggest using a utility such as process explorer
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.
mspx to examine the processes in question directly from the server
console.  It may be that the service fingerprint very closely matches
that of what Nessus is reporting.  Process Explorer is a great utility,
for windows, for examining exactly what application is using what ports.

 
I believe it's almost always necessary, in the interest of a thorough
audit, to follow-up with the administrator or work directly from the
console to eliminate any false positives or false negatives. You
wouldn't want that information ending up in your final audit report if
it is not 100% correct within reason.   
 
Alternately, you can use NMAP to perform an aggressive service
fingerprint on those ports.  That may also add some perspective to the
problem. 
 
Good luck. 

________________________________

From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Eric van Straten
Sent: Tuesday, July 10, 2007 3:53 PM
To: Nessus@list.nessus.org
Subject: pcsync-https


Hello,

With a recent scan of a new server (Windows 2003) running Veritas
NetBackup Operations Manager we are finding many results with either
High or Medium severity.  We have been beating our heads up against the
issue looking for where all of these results are coming from and can not
find what application may possibly be giving these results.

For example Nessus is reporting that BID:11009 - PhotoADay  is on the
server is running on port 8443... yet we can not find it.
For example Nessus is reporting that BID8288 - Gallery web-based photo
album is running on port 8443 ...yet we can not find it
...and MANY others...

I realize that I may not be providing as much information as needed to
troubleshoot; but, I'm stumped enough that I'm not sure where to even
start after this point.

Nessus: v3.0.5 for linux
Client: Nessus Console for Windows NT/2000/XP v1.4.5

We have contacted the vendor of the product (Veritas) and they are
saying that they have not buried all of these products in their software
which is running on the same ports as listed as vulnerable.

I look forward to some guidance as we learn to use Nessus more and more!

Thanks,
eric


________________________________

Ready for the edge of your seat? Check out tonight's top picks
<http://us.rd.yahoo.com/evt=48220/*http://tv.yahoo.com/>  on Yahoo! TV. 

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: pcsync-https, George A. Theall
Next by Date:  Re: pcsync-https, Mike . Vasquez
Previous by Thread:  Re: pcsync-https, George A. Theall
Next by Thread:  Re: pcsync-https, Mike . Vasquez
Indexes:  [Date] [Thread] [Top] [All Lists]