Yeah, I've seen that. If you look at the pluggin (one thing you can't do with any other scanner), you can see that it looks for a connection and then it looks for a password request. If it doesn't get the password request, then it assumes that no password is required.
I ran into what you're seeing on an audit of a system behind a Raptor firewall that was connecting on TONS of ports (presumably to confuse/waste time of an attacker). In this case, I also got a notice on the PcAnywhere 'hit' in Nessus stating that it was only able to connect but then the connection was immediately dropped. In the stage of verifying the Nessus report, I telnetted to the PcAnywhere ports and got connections and immediately dropped. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Zoeffert Sent: Monday, June 30, 2003 5:33 AM To: [EMAIL PROTECTED] Subject: PCAnywhere false positives? Hi, While testing a rather large network Nessus reported most PCAnywhere hosts not to be password-protected. The administrators reported this to be a false positive. Is the PCAnywhere plugin version specific? Has anyone else encountered this? Thank you in advance, Z. de Haas
