A workaround on the issue that Rick mentioned is fairly simple. Instead of
listing the entire range of 1-65535, simply break it. for example, use
1-65534,65535 in the entry field and Internet Scanner will scan the entire
range.
----- Original Message -----
From: "Frataccia, Rick" <[EMAIL PROTECTED]>
To: "'Evans, Mark'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, October 08, 2002 7:11 AM
Subject: RE: [ISSForum] Internet Scanner & RDP (TCP 3389)
Even if you increase the port scan options to include 1 - 65535,
Internet Scanner does not perform a complete port scan. This particular
piece has been broken since the 5.x release (which is when I noticed it, but
may have been longer). Anyway, another configuration change required is in
the Tools pull down menu, select Options, and turn on the options for:
Scan if ping fails
Always run Checks
Something else that needs to be noted is that a large number of checks
require Administrative privileges on the systems you are scanning (not the
scanner). This is another flaw, as Administrative rights are not needed to
exploit the vulnerabilities.
The configuration change will increase the time for the scan to
complete. Also, continue to use NMAP, it's a solid tool !! Take a look at
Nessus as well, http://www.Nessus <http://www.Nessus> The side by side
comparison will amaze you..
-----Original Message-----
From: Evans, Mark [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 1:23 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [ISSForum] Internet Scanner & RDP (TCP 3389)
You need to increase the port range under TCP Services. By default, IS only
scans the well-known port range (0-1024).
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Internet Scanner & RDP (TCP 3389)
Does anyone know what you have to enable in the Internet Scanner Policy to
detect the RDP service (TCP 3389)? I scanned a range with nmap and it
detected RDP running on a few hosts. However, an Internet Scanner scan of
the same range didn't pick it up. I would expect it to be listed under the
services tab? Is it possible that Internet Scanner is looking for the
actual service while nmap is just seeing the open port?
Wade Dauphinee
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
*****
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."
_______________________________________________
ISSforum mailing list
[EMAIL PROTECTED]
