Re: Nessus GUI

Sun, 25 Aug 2002 22:56:20 -0700 

Michel Arboi wrote:

>>1. When you click on "Enable all", the list of plugins is not updated, i.e.
>>DoS-Tests are still disabled on screen. I think this is very
>>critical!
>>    
>>
>If you click on another tab and come back, it will be.
>Not great but not "critical".
>
The criticality depends on whether the user relies on what he sees.

>Tooltip would be great, I agree. V2? V1.4?
>
There are already some tooltips available - e.g. some help is given if 
you move the cursor to the "save check" field. Thus, it shouldn't be too 
difficult to add similar help texts to other fields.

>An integrist test is a test written by me that destroy the root of
>your root server if it is not protected against the DELETE method :-]
>
Ahhh, .... well .... so what does it do? It sounds like just another 
plugin. Why does it require an extra entry in the frontend?

>>    - Do I have to specify user names if the SMB plugins can retrieve a list
>>of users from a Windows machine?
>>    
>>
>No, AFAIK.
>
That means I have to run Nessus twice to get reasonable results?

>>  - Why do I have to select "Save checks" if I disabled dangerous plugins?
>>    
>>
>If you click "safe checks", it will do more that just disable
>"dangerous plugins". "Not so dangerous plugins" will behave
>themselves.
>
>"Dangerous plugins" = ACT_DENIAL + ACT_MIXED_ATTACK
>  
>
>Safe_checks => disable dangerous plugins + make the safe_checks
>function returns "True", so that most plugins will only verify the
>service banner.
>
not ("dangerous plugins") != "undangerous plugins" ???

Does that mean you do not really trust your own classification?

Michael

-- 
=======================================================================
Michael Schmitt                       Telefon: +49 651 97551-40
Institut f�r Telematik                Telefax: +49 651 97551-12
Bahnhofstrasse 30-32                  WWW:     http://www.ti.fhg.de
D-54292 Trier                         E-Mail:  mailto:[EMAIL PROTECTED]
=======================================================================



-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.

Reply via email to