
Does anyone else run Altiris on their network and use Nessus?

Subject: Does anyone else run Altiris on their network and use Nessus?
Date: Mon, 12 Nov 2007 13:53:46 -0600

Two years ago I submitted a bug to Altiris regarding the fact that when a 
machine running the Aclient is scanned by Nessus (or any other port scanner for 
that matter), the Altiris client software spawns process after process without 
closing the connection(s) opened by the scanner (doesn't seem to matter if it's 
a SYN scan or a Connect scan).  As a result, you end up with what amounts to be 
a DoS for the computer running the Aclient because it keeps eating up resources 
until it becomes so sluggish the end user has to reboot.  Because the software 
chooses a random port each time the computer is booted (or the service is 
stopped/restarted), I cannot simply exclude a port (or even range) when 
scanning.  Altiris support does not have a solution other than to switch to a 
different client (Dagent?) which "should" allow us to pick a fixed port.  
Personally, I think they should fix the program logic in their software to at 
least "time out" or not spawn additional processes... I am posting this 
publicly now since they have had ample time to correct this but have not chosen 
to do so.
 
So far, the only thought I have for a workaround is to somehow shut down the 
Altiris service(s) on each machine prior to scanning it, perform the scan, then 
restart the Altiris services.  Does anyone know of a clean way to do this?  I 
suppose all of our Windows machines running Altiris could have a scheduled 
script that shuts down the services at a specific time, and another to start 
them back up at a specific time, leaving me with a "scan window" but that is 
not very good since I prefer to scan during the day when I know the majority of 
machines will be on the network and available for scanning.  Daytime is also 
when our Helpdesk personnel need that Altiris software the most so there is a 
conflict here.
 
Any ideas are welcomed!
 

John Olson, CISSP

Sr. Security Analyst

BI
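
The behaviour the message asks the vendor for ("time out" or stop spawning workers), as an added example that is not part of the original post and is not Altiris code: a listener that caps concurrent handlers and drops peers that connect and then stay silent. The class name, the cap and the timeout value are assumptions chosen for illustration.

```python
import socket
import threading

IDLE_TIMEOUT = 1.0  # assumed: seconds a silent peer may hold a worker
MAX_WORKERS = 4     # assumed: hard cap on concurrent handlers


class BoundedListener:
    """Hypothetical agent listener: capped workers, idle peers dropped."""

    def __init__(self, host="127.0.0.1", port=0):
        self.slots = threading.BoundedSemaphore(MAX_WORKERS)
        self.lock = threading.Lock()
        self.active = 0    # handlers currently running
        self.refused = 0   # connections closed because the cap was hit
        self.sock = socket.create_server((host, port))
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            conn, _ = self.sock.accept()
            if not self.slots.acquire(blocking=False):
                conn.close()  # at the cap: refuse rather than spawn another worker
                with self.lock:
                    self.refused += 1
                continue
            with self.lock:
                self.active += 1
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        try:
            conn.settimeout(IDLE_TIMEOUT)
            data = conn.recv(1024)  # a connect-only probe never sends; this times out
            if data:
                conn.sendall(b"OK\n")
        except OSError:
            pass  # timeout or reset: fall through to cleanup
        finally:
            conn.close()
            with self.lock:
                self.active -= 1
            self.slots.release()
```

With both limits in place, a burst of connect-and-abandon probes costs at most `MAX_WORKERS` handlers for `IDLE_TIMEOUT` seconds, after which the listener is back to idle.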




_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus