disregard my last post...I'm not thinking right :-<

either the host/network generates ICMP errors or not. so one of the following is true:

1) if the host/network generates ICMP errors AND port 500 is closed, the script will exit before spitting any packets out
2) if the host/network generates ICMP errors AND port 500 is open, the script will run, then check to see if the port has closed
3) if the host/network does not generate ICMP errors AND port 500 is closed, the script will still run but will fail to reach the security_hole() function.
4) if the host/network does not generate ICMP errors AND port 500 is open, the script will run but will fail to reach the security_hole() function

I hate that option 3 wastes bandwidth, and option 4 is a potential false negative...however, UDP sucks and there is no other way (that I can think of).

John Lampe
https://f00dikator.hn.org/

"Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the power knowledge gives. A popular government without popular information or the means of acquiring it, is but a prologue to a farce or a tragedy or perhaps both."
--James Madison

----- Original Message -----
From: "Michael J McCafferty" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 11:51 PM
Subject: Falses on ike_check.nasl

> I have had the ike_check.nasl plugin false positive on
> most, if not all scans I have run. The plugin seems to run no
> matter if port 500/udp is open or not. I am not real good at
> reading the nasl plugins yet, but...
>
> I see where the plugin runs on port 500, but I don't see
> where the plugin requires that 500/udp be open to run the test in
> the first place. Then, it appears that if the plugin doesn't get
> an ICMP Unreachable after running the attempted DOS, then it
> thinks the DOS was successful and appears in the report.
>
> So, if the plugin runs against a system that does not have
> port 500/udp open, then it tests anyway. When the host still
> doesn't respond, then the plugin false-positives.
>
> Do I have this correct ? Anyone care to comment ? One
> thing is for sure though, I am getting a lot of false positives.
>
> Mike
>
> **************************************************
> Michael J. McCafferty
> M5 Computer Security
> 858-576-7325 Voice
> PGP Key ID: 0x2206347F
> http://www.m5computersecurity.com
> **************************************************
> --- "If you build it, they will hack !" ---
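The four cases in the reply, and the behaviour the quoted message describes, modelled side by side. This is an added example, not part of the thread and not code from ike_check.nasl; `udp_probe`, `flow_from_reply`, `flow_from_question`, `SimHost` and `run_cases` are hypothetical names, the report rule in `flow_from_reply` is an assumed reading of the reply, and `SimHost` is a constructed model in which an open port stays silent to the probe.

```python
import socket

CLOSED, SILENT, REPLIED = "closed", "silent", "replied"

def udp_probe(host, port, payload=b"\x00", timeout=2.0):
    """Send one datagram and classify the outcome of a live UDP probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors raise exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return REPLIED
        except ConnectionRefusedError:  # ICMP port unreachable came back
            return CLOSED
        except OSError:  # timeout or other error: no usable signal
            return SILENT

def flow_from_reply(probe, run_test):
    """Assumed reading of the reply's four cases. Returns (verdict, packets_sent)."""
    if probe() == CLOSED:
        return "exit", False  # case 1: nothing is sent
    run_test()
    # Only an ICMP-confirmed open-to-closed change reaches the report.
    return ("report" if probe() == CLOSED else "no report"), True

def flow_from_question(probe, run_test):
    """Behaviour the quoted message describes: no pre-check, silence is reported."""
    run_test()
    return ("report" if probe() != CLOSED else "no report"), True

class SimHost:
    """Constructed target model; an open port is assumed to stay silent to the probe."""
    def __init__(self, sends_icmp, port_open, dies_on_test=False):
        self.sends_icmp, self.port_open = sends_icmp, port_open
        self.dies_on_test = dies_on_test

    def probe(self):
        return CLOSED if (not self.port_open and self.sends_icmp) else SILENT

    def run_test(self):
        if self.dies_on_test:
            self.port_open = False  # service stops listening

def run_cases():
    """Run the reply's cases 1-4; cases 2 and 4 model a service that stops."""
    hosts = {1: SimHost(True, False), 2: SimHost(True, True, True),
             3: SimHost(False, False), 4: SimHost(False, True, True)}
    return {n: flow_from_reply(h.probe, h.run_test) for n, h in hosts.items()}
```

Against a real target, `lambda: udp_probe(host, 500)` can be passed as `probe`; the simulated hosts only stand in for the ICMP behaviour so the cases can be compared offline.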
