Hi, When scanning a Checkpoint FW-1 that has the Web-based Client Authentication Remote Service running on port 900, the scan returned a false positive for nearly every web-based vulnerability (87 holes/24 warnings).
As most of you likely know, what actually happens is that the server returns the "main page" no matter what the request is. That is, you could request 192.168.0.101:900/reallybadexploit.html & it will always return with the same page as if you requested 192.168.0.101:900/ Granted, the scan did return a positive for the "no404.nasl" & noted that, as such, false positives were likely (guaranteed?) to occur. While, in this particular case, it seems fairly trivial to determine most of the false positives, what is recommended in the case of an IIS or other web server that does not "respect the HTTP protocol in that it does not send 404 error codes when a client requests a non-existent page"? What would the impact be of adding this 'virtual404' to the kb for the plugins. That is, how many false negatives would be generated if nessus were to "assume that if this virtual404 page were returned that the server was NOT, in fact vulnerable to the plugin"? Thanks for your feedback. -- Brian Kirsch - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
