On Tue, 25 Mar 2003, Renaud Deraison wrote:
> On Tue, Mar 25, 2003 at 12:20:35PM +0200, Jukka Juslin wrote:
> >
> > Has anybody faced problem of the nessus report being flooded with repeated
> > lines like here:
> >
> > . Information found on port loc-srv (135/tcp)
> >
> >
> > A DCE service is listening on this host
> > UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
> > Endpoint: ncalrpc[LRPC000002b8.00000001]
> >
[...]
> >
> > The lines are not exactly identical, but I would appreciate if there is a
> > way to get rid of these DCE service reports by configuring the .nessusrc?
> > I didn't find any way so far.
>
> You can disable the plugin 10736 (dcetest.nasl), but then you loose
> valuable information (especially when the plugin recognizes DCE/RPC
> services on ports other than 135).
Alternatively, it is possible to modify dcetest.nasl not to report
non-TCP/UDP endpoints (LRPC, named pipes, various obscure network
protocols like IPX or AppleTalk). Just remove the two lines reading:
else
security_note(port:135, data:report);
You will still loose some information but (hopefully) the most valuable
pieces will be stay there.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
