On Mon, Jul 07, 2003 at 10:13:56AM +0200, Javier Fernandez-Sanguino wrote:
What if the scan host running Nessus gets black listed throughout the test?
Then maybe you should not run Nessus against it to start with. You're supposed to have the full control of the target when doing such a scan.
That is not usually the case and most certaintly is not when pen-testing.
That might be reasonable for Nessus to cross check and warn the user if that happens. AFAIK there is no check that warns the user of this event, might it be reasonable to code in such a plugin in the ACT_END (post-attack) phase?
There is a plugin called "check_ports.nasl" already which makes sure that every port which was open at the begining of the scan is still open at the end. If nessusd was to be blacklisted, it would warn the user for every port. Since the user has to know that there is a NIPS on the way, it's up to him to use his brain and figure what has been going on.
Ok. I wasn't aware of this plugin.
Regards
Javi
