Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Disable service identification

from [Devitto, Dom] Network Security [Permanent Link]
Subject: RE: Disable service identification
Date: Mon, 16 Jul 2007 10:57:21 +0100 
Actually, once again Michel has a good point.

Obviously Nessus is hitting the service faster than the default Solaris
limits.

Maybe Nessus could detail and report on such cases?  Though bouncing off a
tcp_wrapper would no doubt produce a similar effect, from the Nessus PoV.

Dom De Vitto  | Security Consultant
Virgin Media,  Crawley Court, Crawley, Winchester, Hants, SO21 2QA
M: 07855 805 271   D: 01483 87 5500   E: Dom.DeVitto@VirginMedia.co.uk
-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org] 
Sent: 14 July 2007 08:57
To: Pete Duffin
Cc: Devitto, Dom; nessus@list.nessus.org
Subject: Re: Disable service identification

Le Fri, 13 Jul 2007 17:47:36 -0400,
"Pete Duffin" <pduffin@blabbernet.net> a écrit :


I reproduced the state where inetd doesn't allow telnet, ftp, etc...
I checked the console as well as the messages log and found nothing,
other than an xaudio error message.


That's odd. inetd should only disable the failing service, not the
other ones. And the manual clearly says that the "broken" service
should be enabled again after 10 minutes.
But I still don't believe that Nessus could kill inetd, mainly because
inetd does nothing special with the incoming connections. It does not
read data from them.

You should increase those two paramaters. 
e.g. run inetd with -r 2000 60 instead of the default -r 40 60

------------------------------------------------------------------------------
Save Paper - Do you really need to print this e-mail?

Visit www.virginmedia.com for more information, and more fun.

This email and any attachments are or may be confidential and legally 
privileged and are sent solely for the attention of the addressee(s). If you 
have received this email in error, please delete it from your system: its use, 
disclosure or copying is unauthorised. Statements and opinions expressed in 
this email may not represent those of Virgin Media. Any representations or 
commitments in this email are subject to contract. Please note that we are 
migrating our email addresses to a company wide address of 
"@virginmedia.co.uk". If you are sending to a Telewest or ntl email address 
your email will be re-directed. 

Registered office: 160 Great Portland Street, London W1W 5QA. Registered in 
England and Wales with number 2591237


==============================================================================

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Disable service identification, Michel Arboi
Next by Date:  plugin for SAP applications, PEÑA DE MIGUEL, Ivan
Previous by Thread:  Re: Disable service identification, Michel Arboi
Next by Thread:  scanning question, John Hally
Indexes:  [Date] [Thread] [Top] [All Lists]