This sounds like a good goal - and yet, it's not very specific. Some questions:
* Which "releases" should be tested?
* With what loaded?
* Using nmap - what options?
* Using nessus - what options/configuration?
* What happens with the results?
To start the ball rolling, here are some nmap results against the current
development release of Oxygen:
# nmap -sS -O 172.16.XXX.XXX
Starting nmap V. 2.3BETA10 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Insufficient responses for TCP sequencing (3), OS detection will be MUCH less reliable
Interesting ports on (172.16.XXX.XXX):
Port State Protocol Service
80 open tcp http
TCP Sequence Prediction: Class=random positive increments
Difficulty=4143733 (Good luck!)
No OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
T1(Resp=Y%DF=Y%W=3F25%ACK=S++%Flags=AS%Ops=MENNTNW)
TSeq(Class=RI%gcd=1%SI=3F4CCB)
TSeq(Class=RI%gcd=1%SI=3F3A75)
T2(Resp=N)
T1(Resp=Y%DF=Y%W=3F25%ACK=S++%Flags=AS%Ops=MENNTNW)
T3(Resp=Y%DF=Y%W=3F25%ACK=S++%Flags=AS%Ops=MENNTNW)
T2(Resp=N)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T3(Resp=Y%DF=Y%W=3F25%ACK=S++%Flags=AS%Ops=MENNTNW)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds
#
--
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
[EMAIL PROTECTED]
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
