Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: devel

False Positives: TrinOO, TrinOO for Windows, Shaft, mstream agent

 

 

Nessus devel RSS feed   Index | Previous | View Threaded


Joerg.Dieter.Friedrich at uni-konstanz

Aug 15, 2001, 3:50 PM

Post #1 of 1 (931 views)
Permalink
False Positives: TrinOO, TrinOO for Windows, Shaft, mstream agent

Hi everybody!

Nessus reports on every scan the security holes mentioned in subject.
Even on machines that have been installed minutes before and never
had any network-connection. This cannot be true. I had a look on these
attack-scrips. They all have a similar structure:

1. Send an UDP-packet to the attacked machine.
2. Look for an UDP-answer
3. If there is an answer, report security hole 'x'
else report security hole 'y'

But if nothing listens on this port most machines answer with an
ICMP unreachable, which the script always ignores. Then there is no
answer and it reports an security hole.

Maybe someone can fix this? I tried, but I first have to learn NASL ;-)


--
Heute ist nicht alle Tage, ich komm' wieder, keine Frage!!!
Yours Joerg
War is an equal opportunity destroyer.

Nessus devel RSS feed   Index | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.