On Mon, Jul 07, 2003 at 10:13:56AM +0200, Javier Fernandez-Sanguino wrote:
> >
> >Please ! Yes, you need a working network to do a network security
> >audit. If it goes down, your audit is incomplete. Is it the job of
> >Nessus to workaround broken network configurations ? No. What's next ?
> >Making sure the routes are right ?
> >
>
> What if the scan host running Nessus gets black listed throughout the
> test?
Then maybe you should not run Nessus against it to start with. You're
supposed to have the full control of the target when doing such a scan.
> That might be reasonable for Nessus to cross check and warn the
> user if that happens. AFAIK there is no check that warns the user of
> this event, might it be reasonable to code in such a plugin in the
> ACT_END (post-attack) phase?
There is a plugin called "check_ports.nasl" already which makes sure
that every port which was open at the begining of the scan is still open
at the end. If nessusd was to be blacklisted, it would warn the user for
every port. Since the user has to know that there is a NIPS on the way,
it's up to him to use his brain and figure what has been going on.
-- Renaud
