i updated using 'nessus-update-plugins' yes i restarted nessusd nothing SQL related appears. just a few general/tcp issues and then port specific (25, 80, etc).
where should i see the SQL stuff. i am selecting all non-dangerous plugins which i see includes some SQL stuff. Is there some other option that i need to set? thanks, dean -----Original Message----- From: Renaud Deraison [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 9:50 AM To: [EMAIL PROTECTED] Subject: Re: Nessus newbie On Fri, Jan 31, 2003 at 08:00:24AM -0500, Bishop, Dean wrote: > Good morning, > > i am just putting a nessus server together for production use and need a > bit of help understanding. > > i have run nessus scans this week after the SQL-Slammer scare on a few > machines that i believe to be vulnerable. i updated my plugins 2 days ago > just before my last scan and enabled all plugins (even dangerous ones). > Even still i don't see any SQL vulnerabilities. What am i missing? > > i saw a post within the last 24h that indicated that to get SQL version > info you need an admin level account. Is this also true for the SQL-Slammer > (and other) plugins? No. The SQL slammer check does not need any credentials. However, there's a plugin which retrieves the version number of the remote SQL host, and it needs credentials, but that's unrelated. How did you update your plugins ? Did you restart nessusd ? What appears in the report regarding SQL ? -- Renaud
