On Tue, 2002-08-27 at 19:52, bunger wrote: > After realizing the hole What do you mean?
> I cannot hit the domain on port 7500 w/o using an SSL connection. You mean that you need a client certificate? Or did you expect that Nessus would not see the HTTPS server? > After making the change, I re-ran Nessus against the same server > and it found 79 holes - 78 of which were against port 7500?! They all > referenced IIS or some asp/cgi script that is not installed on the > server... Your server probably always return a 200 HTTP code > I was thinking that Nessus was pretty accurate, Just curious: what's "accuracy" in security? > but after this little blunder I want to make sure I fully understand > what happened If you want us to find the problem, you should be a little more precise. What Nessus version, configuration, behaviour of your webmin server, etc. Any *useful* information. > before passing final judgement.... <grin> Well, considering the fact that most commercial security scanners cannot look through SSL, there are definitely a better choice... If your goal is to have no alarm at all, true or false. </grin> - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
