On Wed, Aug 28, 2002 at 02:25:27PM -0700, Duane Winner wrote:
> I'm fairly new to Nessus, and I was wondering if somebody could help me
> clarify something.
[...]
> So does Nessus really check for the vulnerabilities or the version? If it
> can actually check for the vulnerabilities, is there something I need to do
> or something I'm not doing right? I'm confused.
When possible, it does vulnerability checking. The SSH vulns are far
from being trivial to implement, that's why we rely on the banner. For
OpenSSL, there are two checks - one solely relies on the banner of
Apache, the other one actually sends a bogus packet and determines if
the host is vulnerable or not depending on the result. I asked the list
for feedback about that one and got no reply.
-- Renaud
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
