
Re: nessus_test directory

Subject: Re: nessus_test directory
Date: Thu, 02 Aug 2007 09:43:35 -0400
On 08/02/07 09:16, Paul Rivers wrote:

> I ran the scan without any plugins and for only a few ports and still get the
> nessus_test directory created.

Odd. Does nessusd.messages confirm that no plugins were launched (you'll 
need log_whole_attack set)? [There will be some plugins in the 
ACT_SETTINGS regardless, though.]

Any chance you could send me privately the pcap of the scan showing all 
the traffic to/from the affected host?

> Port range : 20,21,25,445,1433

Is the directory still created if you only scan port 21?  You may have 
been onto something in asking about an SMTP plugin before. Is it 
possible that the FTP server uses /tmp?

> Running ngrep -iq 'nessus_test' I get:
>
> T 10.100.12.66:3173 -> 10.200.2.220:43817 [A]
>   drwxrwxrwx   1 owner    group               0 Mar 15  2006 Archive..drwxrwx
>   rwx   1 owner    group               0 Sep  5  2006 ArchiveUK..-rwxrwxrwx
>    1 owner    group               0 Aug  2 14:05 nessus_test..-rwxrwxrwx   1
>   owner    group            1064 Oct  6  2006 v564062791.a29..-rwxrwxrwx   1
>   owner    group            5516 Oct 11  2006 v564062841.a29..-rwxrwxrwx   1
>   owner    group            1064 Oct 12  2006 v564062851.a29..-rwxrwxrwx   1
>   owner    group            2108 Oct 20  2006 v564062931.a29..-rwxrwxrwx   1
>
> ... and the portnumber cycles around, too?

What do you mean "cycles around"? Could this be from FTP directory listings?

George
-- 
theall@tenablesecurity.com