Why not change the .nasl script on your scanner to include the wording you
want to convey to management?
"Mink, Adrian
(QB8692)" To: "Nessus Mailing List
(E-mail)" <[EMAIL PROTECTED]>
<Adrian.Mink@pinnac cc:
lewest.com> Subject: RE: Null session log in
Sent by:
[EMAIL PROTECTED]
essus.org
09/26/2002 02:21 PM
Of course I want Nessus to do the best possible job. The issue is giving
reports to management, who are not likely to understand the distinctions
between tests that use LsaLookups and those that do not. If I say that Null
Sessions are disabled, but they continue to show up in scans it would be
helpful
to have some very clear language stating why, in the actual scan. It would
be even
more helpful to have two separate tests (One using LsaLookups and one not.)
so that I can test and verify what exactly is still vulnerable and under
what
conditions. I am not enough of a programmer to do this myself, and doubt
that this issue is very high on anyone's list. But, if someone has some
time
on their hands it would be appreciated...
Thanks to everyone for your explanations and assistance!
Adrian
-----Original Message-----
From: Taed Wynnell [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 11:33 AM
To: Mink, Adrian (QB8692); Nessus Mailing List (E-mail)
Subject: RE: Null session log in
Why would you want to prevent Nessus from doing the best job of testing
that
it can? If Nessus can find the problem, then why wouldn't you want to know
that the problem exists?
The Nessus plugin verbage is actually slightly different depending on what
the setting is. Renauld made that change when this topic came up about 6
months ago. I think that it actually mentions the RestrictAnonymous
setting, and then has different text depending if it thinks it's a Windows
NT machine or something "higher".
-----Original Message-----
From: Mink, Adrian (QB8692) [mailto:[EMAIL PROTECTED]]
Sent: Thursday 26 September 2002 11:22 AM
To: Nessus Mailing List (E-mail)
Subject: RE: Null session log in
That would certainly be useful, as I cannot set restrictanonymous=2 on my
network as
too many other issues crop up. Would it be possible to note these items in
the actual
plugins? Or to have two sets of tests, one which uses LsaLookups and one
which does not?
Thanks!
-----Original Message-----
From: Taed Wynnell [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 11:12 AM
To: 'Michel Arboi'
Cc: Nessus Mailing List (E-mail)
Subject: RE: Null session log in
Yes, it was "known" in that sense, but we wanted it confirmed by the
Microsoft engineering group that there was no OTHER way to prevent it
(other
than filtering the NetBIOS ports completely) on Windows NT.
-----Original Message-----
From: Michel Arboi [mailto:[EMAIL PROTECTED]]
Sent: Thursday 26 September 2002 11:04 AM
To: Nessus Mailing List (E-mail)
Subject: Re: Null session log in
Taed Wynnell <[EMAIL PROTECTED]> writes:
> We submitted a Microsoft Premier Support issue on this topic, and they
> confirmed that there is no way to prevent what Nessus does on Windows NT.
> On Windows 2000 and up, it can be prevented with "RestrictAnonymous=2".
It seems that this problem was already known:
http://www.securityfriday.com/Topics/restrictanonymous.html
http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0078.html
(off topic)
Please note that restricting anonymous SMB sessions may break some
functions (inter-domain trust...)
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
