TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Gary and Chris make legitimate requests. Should ISS pursue those
product changes, though, I'd like them to keep the following in mind.
Since a machine can intentionally deceive about the O/S it has, what
with honeypots and deception engines, as well as stealthing thoroughly
enough to evade O/S identification, I wish Internet Scanner to allow --
as an option -- its current behavior. Just because it SAYS it's
running, say, Win95 doesn't mean I shouldn't be able to scan it to see
if it's really a Solaris box.
En paz,
Steve, security analyst
Gary Flynn, I believe, wrote:
> Does anyone else here think it unreasonable that a scanner detect the OS and
> run tests appropriate for the discovered OS? Could this be an on/off switch
> enabling this behavior for those who like to run all tests against all
> platforms?
[EMAIL PROTECTED] replied:
> I think it's an incredible idea since most of the underground script tools
> are doing it... Why cant commercial software be that intelligent? Seems
> pretty simple.
--
Stephen W. Thompson, UPenn, ISC Information Security, 215-898-1236, WWW has PGP
[EMAIL PROTECTED] URL=http://pobox.upenn.edu/~thompson/index.html
For security matters, use [EMAIL PROTECTED], read by InfoSec staff
The only safe choice: Write e-mail as if it's public. Cuz it could be.
