TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
A simple malformed snmp packet can be sent a RealSecure sensor which will
not be detected by ISS RealSecure at all, but can potentially cause a
memory leak in the sensor resulting in a sensor becoming unavailable. But
how can one do this without learning the intimate details of SNMP and C
coding.
HailStorm by ClicktoSecure (www.clicktosecure.com) allows the user to
create profiles that contain network based patterns to allow users to test
the various fields in a TCP/UDP packet.
Based upon the various manipulations of certain fields, networked equipment
(i.e. routers, switches, firewalls, certain intrusion detection software
applications) can fail under simple field manipulation. Networked
equipment vendors usually fail to test their own software under specific
security guidelines, or manage to gather enough knowledge to make
test harnesses relating to software fault injection versus typical testing
the networked equipment under load.
At 03:03 PM 4/27/2001 -0400, you wrote:
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I think it's an incredible idea since most of the underground script tools
are doing it... Why cant commercial software be that intelligent? Seems
pretty simple.
-----Original Message-----
From: Gary Flynn [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 27, 2001 11:38 AM
To: [EMAIL PROTECTED]
Subject: Re: Internet Scanner: Estimating time required to complete a
scan.
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
"Wheeler, Patrick (ISSAtlanta)" wrote:
>
> Thanks for the question. "Divide and conquer" is the best approach -
divide
> up your hosts into host lists based on OS, and then scan the host lists
with
> the appropriate OS-specific policy.
Does anyone else here think it unreasonable that a scanner detect the OS and
run tests appropriate for the discovered OS? Could this be an on/off switch
enabling this behavior for those who like to run all tests against all
platforms?
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
