IDS Systems will trip Nessus up in this way, too. When the scan is launched, NMAP will hit the box... the IDS on a firewall (like a VelociRaptor's IDS) will freak out and temp-ban your IP, then Nessus will start reporting false-positives like crazy as the ports are now closed or tarpitted.
Using more-polite nmap scanning and slowing down the plugins may help get around this...

HTH,
D.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renaud Deraison
Sent: Thursday, June 19, 2003 11:33 AM
To: [EMAIL PROTECTED]
Subject: Re: Wu-ftpd 2.6.2 strange vulnerability report

On Thu, Jun 19, 2003 at 11:21:40AM -0400, Rickard, Matthew wrote:
> > Nessus can not make the distinction remotely, therefore you'll have to
> > see for yourself (ie: is there a core file somewhere ?)
>
> There aren't any core files left behind. And from a (very) quick look at
> the code I don't see anywhere where it would bomb out like that on invalid
> input.

maybe the read timeout is too low. Change in your .nessusrc :

    checks_read_timeout = 5

to

    checks_read_timeout = 15

and see if it solves the problem.
