Gary See answers below.
Jean Paul -----Original Message----- From: Gary Love [mailto:[EMAIL PROTECTED] Sent: Thursday, November 18, 2004 9:38 PM To: [EMAIL PROTECTED] Cc: Ballerini, Jean Paul (ISS EMEA) Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan? I've submitted a couple of enhancement requests. I'm wondering if they've been incorporated in the next release: Enhancement ID: 418 Product: ISFSWS (Internet Scanner) "During scan, when target hosts are shut down or taken off line, scanner doesn't detect and continues scanning. Scanning slows down to a crawl as each check has to time out. It would be nice if there was some kind of a "heartbeat" ping that could alert console window that target host can no longer be pinged." Have not received Enhancement ID on this one: 3 related problems: 1) When a host is scanned and no vulnerabilities are found, the report that gets generated treats such a host as if it were not scanned. No mention is made of it such as "Host XYZ was not found to be vulnerable for any of the selected checks". [Jean Paul Ballerini (ISS EMEA)] We only show vulnerable hosts in our scans. We do not show not vulnerable hosts. However, you would see them in user reports or Operating system reports 2) When a host is supposed to be scanned but is unreachable, the report doesn't mention that this occurred. [Jean Paul Ballerini (ISS EMEA)] You can scan a host list but if it is unreachable the only place you will see it is in the OS reports. 3) When a host is reachable and scanned but a firewall has blocked some of the ports, the report doesn't mention that this has occurred. [Jean Paul Ballerini (ISS EMEA)] Scanner does not know what ports your firewall is blocking and will report what responses it gets back from the target host. As a matter of scanning procedure we recommend and iterative approach to scanning to take into consideration hosts that are offline during any particular scan. As a result, when we scan several hosts at a time, and then review the report, it is hard to tell if the absence of data on host XYZ means there were no vulnerabilities or if XYZ wasn't reachable. This has the potential of causing a vulnerable but off-line host to be missed. Gary Love [EMAIL PROTECTED] SAIC Enterprise Security Solutions -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ballerini, Jean Paul (ISS EMEA) Sent: Thursday, November 18, 2004 5:33 AM To: McCash, John; [EMAIL PROTECTED] Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan? Yes. And there will be a progress bar. Jean Paul -----Original Message----- From: [EMAIL PROTECTED] On Behalf Of McCash, John Sent: Wednesday, November 17, 2004 7:19 PM To: [EMAIL PROTECTED] Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan? I'm interested in this as well. Will we be able to manage it through the siteprotector console? Thanks John McCash -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ballerini, Jean Paul (ISS EMEA) Sent: Wednesday, November 17, 2004 2:09 AM To: Dan Widger; [EMAIL PROTECTED] Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long scan? This is coming in SP2 for Internet Scanner in February. Jean Paul -----Original Message----- From: [EMAIL PROTECTED] On Behalf Of Dan Widger Sent: Monday, November 15, 2004 7:50 PM To: [EMAIL PROTECTED] Subject: [ISSForum] Request to interrupt Internet Scanner on long scan? Is there any means to enable whole ISS system, or any combination of the parts of the ISS Scanner, to start a vulnerability scan, then <pause> a scan, and then continue? What I have in mind is a long scan that can only be run from Time:Start (e.g. 2 a.m.) to Time:End on (4 a.m.), and to pick up where it left off at and the next Time:Start, in a continuous cycle, until the scan is done? Dan Widger Security Engr 713\892-3471 _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. ------------------------------------------------------------------------ ------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------ ------------------------ [mf2] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
