I have had the ike_check.nasl plugin false positive on most, if
not all scans I have run. The plugin seems to run no matter if port 500/udp
is open or not. I am not real good at reading the nasl plugins yet, but...
I see where the plugin runs on port 500, but I don't see where the
plugin requires that 500/udp be open to run the test in the first place.
Then, it appears that if the plugin doesn't get an ICMP Unreachable after
running the attempted DOS, then it thinks the DOS was successful and
appears in the report.
So, if the plugin runs against a system that does not have port
500/udp open, then it tests anyway. When the host still doesn't repsond,
then the plugin false-positives.
Do I have this correct ? Anyone care to comment ? One thing is for
sure though, I am getting a lot of false positives.
Mike
**************************************************
Michael J. McCafferty
M5 Computer Security
858-576-7325 Voice
PGP Key ID: 0x2206347F
http://www.m5computersecurity.com
**************************************************
--- "If you build it, they will hack !" ---
