Thank you Mr. Theall. So, actually, how Nessus perform the particular process
after finish loading a plugin? For example, like you said before, they send
request to a port. How Nessus do this kind of sending? Which part do this,
Nessus or plugin? Thanks~
Kevin
Message: 19
Date: Wed, 26 Mar 2008 07:34:10 -0400
From: "George A. Theall"
Subject: Re: Host identification b/w workstation and server( or
internet facing system)
To: nessus@list.nessus.org
Message-ID:
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
On Mar 26, 2008, at 4:45 AM, Chak Kevin wrote:
I am trying to understand how Nessus identify a host is a web server
(or internet facing system) or just a regular workstation. Have this
identification been implemented in the source code? Or Nessus do
this by using some specific plugins?
Service detection isn't as black and white as this -- a host isn't
identified as being a web server or workstation. Instead, Nessus
attempts to identify the services running on the various ports(s)
being scanned so in theory it will catch the web server running along
with MySQL, SSH, and SMTP.
Nessus uses plugins for this. Some such as #10330, #17975, and #11153
are fairly general - they send a request to a port and make a
determination based on the banner or the results returned. Others are
specific to a single application / protocol.
_________________________________________________________________
5 GB 超大容量 、創新便捷、安全防護垃圾郵件和病毒 — 立即升級 Windows Live
Hotmail
http://mail.live.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
