Hello,
Actually this is an unfair statement (from your email below). I have learned everything I know about security (and nessus) by playing. I never once asked how to compile or run a test. I learned by examining everything there was to know about how it worked. There is enough online and built-in help to provide this.

I have *never* been *for* security-by-obscurity, I simply disagree with script-kiddies and people who claim they are security people and yet cannot read online help. Or worse, they try to run a tool like nessus and really don't understand how to work with TCP/IP and networking in general. They simply want to be the first at their "school" to break into something.

I have met and worked with "wanna-be" security people. They want everything provided to them on a silver platter. If it is not as clear as black and white, then they go no further and assume it does not work. They don't want to know HOW something works (the mind of a hacker is that we want to know HOW it all works), they want someone else to do the work and they then use the tool for whatever.

A simple example -- for lots of $$ you can purchase a lock-pick gun, which can pick many types of locks with a simple (not quite that easy, but ...) pull of a trigger. However, a real pro, who uses a tension bar and an actual pick set, is more of an artist and can open almost anything. They know when to walk away (Medeco locks for example) or when to try another technique (break a window). Someone with a "gun", however, just keeps trying until someone tells them that they are doing it wrong and shows them how to do it. They have learned nothing.

Or better yet, when I was 13 years old, I took my father's stereo apart because I "wanted to know where the sound came from..." Rather than getting mad, he simply said, "It better work when you put it back together." and left me to do so. I learned that "learning" (figuring it out) was more than half the fun!!! And yes, it did work when I put it back together.
Security by obscurity is bad, but so is "spoon feeding". Learn for the sake of learning -- gather knowledge and improve yourself. If you run into a brick wall, try and chisel through it before asking someone else to do it for you.

Oh well.. just my opinion and I am sure I will be blasted for it, for one simple reason -- it goes against what the script-kiddies believe. They use the "security by obscurity" as a smoke screen to blame us, instead of themselves...

ciao
Kat

On Sat, 2002-10-12 at 12:57, Carl Houseman wrote:
> Why do we cling to security through obscurity?? *sigh*
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of kathee
> Sent: Saturday, October 12, 2002 12:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: How do you run nessus against a network you can't ping?
>
>
> Why do we teach people how to be "script kiddies"?? *sigh*
>
>
> On Fri, 2002-10-11 at 15:00, Carl Houseman wrote:
> > Under "Ping the remote host", configure TCP Ping with the ports that are open to hosts inside the firewall.
> >
> > Carl
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Friday, October 11, 2002 12:49 PM
> > To: [EMAIL PROTECTED]
> > Subject: How do you run nessus against a network you can't ping?
> >
> >
> > The default configuration for nessus fails against
> > networks with firewalls that do not admit inbound
> > pings. We learned this last night.
> >
> > Is there a way around this?
> > -
> [EMAIL PROTECTED]: general discussions about Nessus.
> * To unsubscribe, send a mail to [EMAIL PROTECTED] with
> "unsubscribe nessus" in the body.
