I'm seeing a large number of false negative detections by snmp_detect.nasl. I'm scanning for 3 things,
snmp_detect.nasl snmp_default_communities.nasl snmp_sysDescr.nasl What I see is that snmp_detect gets run, opens port 161 ok, does the send then the recv but gets null back in return. On 1.0.9 the other two tests then run anyway and find that the agent is using the default community strings and show the correct o/s version thus showing that the snmp_detect did not work properly. On 1.0.10, the other two tests now check snmp/running which is set by the first test and don't run at all thus we lose sight of this box altogether. Examples of systems returning false negatives but responding to the sysDescr include Windows NT 4.0 Windows 2000 CISCO IOS V12.0(2)XC2 /var/snmp/snmpdx.st HP/UX 10.20 though I don't know if all copies of these are false. Trevor Hemsley, Security Consultant, Atos Origin Ltd, Whyteleafe, +44-(0)1883-628139 [This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify us by return and delete the same. The views expressed in this electronic transmission do not necessarily reflect those of Atos Origin or any of its subsidiary companies. Although the sender endeavours to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Thank You.]
