Hi, it seems that there are situations, when the anonymous-ftp check in Nessus gives false negatives. We have the case of a printer, in which the login to an ftp server does not require a password:
> ftp x.x.x.x Connected to x.x.x.x 220 FTP server ready User (y.y.y.y:(none)): anonymous 230 Password not required for anonymous ftp> The nessus plugin, which uses the NASL function "ftp_log_in" does not catch this anonymous ftp, because ftp_log_in (judging from the source code) expects the ftp server to request a password (331 Guest login ok, type name and password). Maybe ftp_log_in should be corrected to also take into account situations as described above? Greetings, Bernd ______________________________________________________________________________ WEB.DE MyPage - Ultimatives Kommunikationstool! Ihre Message sofort online! Domain aenderbar! http://www.das.ist.aber.ne.lustige.sache.ms/ - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
