This begs two related questions: How can we confidently construct the least vicious, yet most productive scans? Is category helpful in making these determinations? E.g., what confidence do we have that ACT_ATTACK and ACT_MIXED_ATTACK plugins will not bring down a service or the machine that runs the service being tested?
I think a review of the meaning of each category, and how and by whom category is set, would be most informative. Knowing that, which clues in the plugin name help us to understand that certain checks may take a very long time to complete (e.g., those whose name includes "enumerate" or "brute-force" are likely to take a long time)?

Cheers,
-Mike Slifcak

-----Original Message-----
From: Renaud Deraison [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 1:40 PM
To: [EMAIL PROTECTED]
Subject: Re: OpenSSL question

On Wed, Sep 18, 2002 at 01:11:19PM -0400, Datdamwuf of wolf wrote:
> To check for vulnerable systems I normally do the banner grab plugin,
> OpenSSL overflow. However, we think we may be missing systems that aren't
> advertising. I would like to use the plugin below, it is in the category:
> script_category(ACT_MIXED_ATTACK)
>
> OpenSSL overflow (generic test), Gain a shell remotely, Checks for the
> behavior of OpenSSL.
>
> What is the risk of breaking the server with this plugin??

None if you enable the safe checks (it overwrites one variable on the stack,
nothing crashes).

-- Renaud

-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
