Re: Vulnerabilities not found by Nessus.

Tue, 05 Feb 2002 09:22:17 -0800 

> 
> According to Mandy Andress:
> http://www.nwfusion.com/reviews/2002/0204bgrev.html

old news.
most of these have been added, as new tests are added (daily?) weekly.

> 
> This article states that the following vulnerabilities are not found by
> Nessus:
> -Domain Controller Request DoS
> -Malformed RPC Packet
> -Packaging Anomaly
> -Virtualized UNC Shares
> -Malformed WebDAV Attack
> -wu-ftpd format string debug set
> -wu-ftpd file globbing
> -sendmail maillocal
> -OpenSSH UseLogin
> 
> Someone tell me this is BS before I do the research myself.  The article
> also states that NetIQ and NetRecon found 2065 and 762 identified vuls in
> their test environment... Now I know this is BS, many scanner manufacturers,
> like ISS, I know for a fact give different labels to multiple signatures
> when in fact they are just variants to one attack giving the purchaser the
> idea it finds more.
> 
> Anyone's feedback is welcome!
> 
> Troy Perkins
> Information Security Analyst
> S1 Community and Regional eFinance Solutions Group
> (512) 336-3152 (p)
> (512) 336-3250 (f)
> visit us at <<http://www.s1.com/>>
> Delivering the Compelling eFinance Experience
> 
> --------------------------------------------------------------------
> LEGAL NOTICE: OBLIGATION OF CONFIDENTIALITY
> The information in this email is confidential and may be legally privileged.
> It is intended solely for the addressee.  Access to this email by anyone
> else is unauthorized.  If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be taken
> in reliance on it, is prohibited and may be unlawful.
> --------------------------------------------------------------------
> 
> 
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> 
> mQGiBDxVe3IRBADsTVZLua1guipy+d5m7EHKQTvt3mSfDpbuyuZs7JMm7i0TgHTo
> nwnQe1cWmAC+EacNoSYS1HrSf9KE9eFzN3ampI0HEyJ2f3WFGiK0aNYeOJvISh5A
> ds6V1MNFMFybcvYdXtQ/g9qOW/4nQ+eefEnoXLrwrdXpSFaP6L3kE1M9OQCg/5Fn
> umL+xzHPKjaav/RmhIyUVfMD/1KMQbi5zmzK/7nICkY/oyVv1+612tczbsJhR3wV
> FsO2S9T6SSfWl7ivYGyLrRBGJczcn+c30V3/p+vAHwozrguQosKFajStyYaO3JID
> xBEe2izrG9PvIDr24wf9is/9f0ERv2B1zvHrOjcsw34DQrJtrhg8rxsPHjUT/dMG
> 6bfNA/0fkOJfUgh/y2CtJAhgxJnzzC41UXNA/25ce48SOtksapS8JYImdpx1ln9N
> ADKa6jKw2pQTkKAluDwY0a+ZCt2R+WbJtnIto9uxLjg2D9mQpDMgh1mTuejt6JFR
> jrier8S2DRynqLJT0P13937RVJPeLXTl8Wd3tHAP0bDXlDfJorQlVHJveSBTLiBQ
> ZXJraW5zIDx0cm95LnBlcmtpbnNAczEuY29tPokATgQQEQIADgUCPFV7cgQLAwIB
> AhkBAAoJECVXDuiyYRUvXrgAoPBZysxU/KEc8pm93DBQz/eu3x6+AKDo3WLboUML
> Z9XhcUffDaUzjGmnc7kBjQQ8VXtyEAYA+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRP
> xfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhOSdvN
> ILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dD
> ox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMI
> PWakXUGfnHy9iUsiGSa6q6Jew1XpWHxHAAICBgCXJStvD7pmGlXAMniqsp6tv9Xj
> 7HXhJiODL6iCmBIKzvrkMLkjFcoRz7eT4//ru6Gs/1sYL3AW25gBkb82yVjJ81VW
> kIS8FLxKAuqpl55vZR+Qae/vYT5Jv8J17zcl8PKqMRfBSXJ7EVTq3v/VyEnQv0j6
> vWKnj9wppCTflAcoVYVjGElfVqidVtHwTynVsszvuS1K0V3tdMU0OCMli/ChhtMZ
> lRExqNiedLyzM2U31/PgUuzGObiAbZI0PxatOE6JAEYEGBECAAYFAjxVe3IACgkQ
> JVcO6LJhFS911gCcCzZPOVZWwDyVr3tdt6m0YyApnuAAmQEH5fm/hc4Dm98obs8a
> 06HteGIk
> =gbrO
> -----END PGP PUBLIC KEY BLOCK-----
> 

-- 
Michael Scheidell
Secnap Network Security, LLC
(561) 368-9561 [EMAIL PROTECTED]
Sign up Live WEBCAST Q & A : Should I migrate from IIS? http://www.secnap.net/

Reply via email to