Hi there

I've just upgraded to 2.03, and here's what I've found so far. 

smtp_relay.nasl still misdiagnoses relaying on Qmail servers. Qmail doesn't
do real address parsing until after it has accepted the message, so it would
bounce later. Secondly, I ran it against an internal Qmail server, and it
obviously did allow me to relay - as Nessus was running on an internal host.

I think the description needs to be like the DNS rules, something along the
lines of:

---
The remote SMTP server *may* allow relaying. If true, this would mean that
it allows spammers to use your mail server to send their mails to the world,
thus wasting your network bandwidth.

If the Nessus scanner and the remote SMTP server are both running on the
same network, then you can safely ignore this alert.
---

Secondly, it misdiagnoses how xinetd handles multiple FTP connections.
goodtech_ftpd_dos.nasl classified a perfectly good vsftp server as having a
"Serious" security hole because xinetd decided to start refusing FTP
connections from Nessus. I'd say that is a feature - not a bug :-) I've
already had a co-worker ask me why Nessus said their FTP server was "broken"
- I realised immediately it was just a DoS-limiting feature - but the
description of this test doesn't offer that as an option, and less
experienced SAs are left a bit needlessly worried.


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
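
An added example, not part of the original message and not Nessus or NASL code: a small offline triage of a relay-test result that downgrades the two cases raised above, a scanner sitting on a network the server is allowed to relay for, and a server that accepts at RCPT time without delivery being confirmed. The function names, result labels, transcript format and sample addresses are all assumptions made for illustration.

```python
import ipaddress
import re

# Transcript lines are assumed to be prefixed "C: " (client) or "S: " (server).
REPLY = re.compile(r"^S: (\d{3})([ -])")

def rcpt_reply_codes(transcript):
    """Return the final reply code for each RCPT TO command in the transcript."""
    codes, waiting = [], False
    for line in transcript:
        if line.startswith("C: "):
            waiting = line[3:].upper().startswith("RCPT TO:")
        elif waiting:
            m = REPLY.match(line)
            # "250-..." is a continuation line; only "250 ..." ends the reply.
            if m and m.group(2) == " ":
                codes.append(int(m.group(1)))
                waiting = False
    return codes

def triage(transcript, scanner_ip, relay_allowed_nets, delivered=False):
    """Grade a relay-test result instead of reporting every accepted RCPT as a hole."""
    if not any(200 <= c < 300 for c in rcpt_reply_codes(transcript)):
        return "not-relaying"
    scanner = ipaddress.ip_address(scanner_ip)
    if any(scanner in ipaddress.ip_network(n) for n in relay_allowed_nets):
        # The scanner is an internal host: relaying for it is expected behaviour.
        return "expected"
    # Acceptance at RCPT time alone does not prove relaying (the message may
    # bounce later), so only report "confirmed" when delivery was observed.
    return "confirmed" if delivered else "may-relay"

# Constructed sample transcripts (not captured from a real server).
ACCEPTED = [
    "S: 220 mail.example.test ESMTP",
    "C: HELO scanner.example.test",
    "S: 250 mail.example.test",
    "C: MAIL FROM:<probe@example.test>",
    "S: 250 ok",
    "C: RCPT TO:<probe@example.org>",
    "S: 250 ok",
]
REJECTED = ACCEPTED[:-1] + ["S: 553 relaying denied"]

if __name__ == "__main__":
    print(triage(ACCEPTED, "10.1.2.3", ["10.0.0.0/8"]))
    print(triage(ACCEPTED, "192.0.2.7", ["10.0.0.0/8"]))
    print(triage(REJECTED, "192.0.2.7", ["10.0.0.0/8"]))
```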
