On 28 Aug 2002 at 14:25, Duane Winner wrote: > Stronghold web server - Nessus detects mod_ssl older than 2.8.10 and OpenSSL > older than 0.9.6e. True again, but the latest version of Stronghold includes > the patches - they just don't increment the version number. > > So does Nessus really check for the vulnerabilities or the version? If it > can actually check for the vulnerabilities, is there something I need to do > or something I'm not doing right? I'm confused.
As I understand it, there are two modes in Nessus. The Non- DoS/Destructive mode, & the DoS/Destructive mode. Since people get upset when they don't read the DOCs and plug Nessus in run it against their live network and it finds vulnerabilities (there by taking their network down), the Nessus team has enabled the Non- DoS/Destructive mode by default - in this mode it will do version checking for 'destructive' vulnerabilities, if you change the mode to DoS/Desctructive mode it will execute the vulnerabilities. HTH, -- George Boutwell, Programmer II - Valley Hope Association [EMAIL PROTECTED] - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
