On Mon, Jul 07, 2003 at 02:08:06PM +0200, Javier Fernandez-Sanguino wrote:
> Renaud Deraison wrote:
> >On Mon, Jul 07, 2003 at 10:13:56AM +0200, Javier Fernandez-Sanguino wrote:
> >
> >>What if the scan host running Nessus gets black listed throughout the
> >>test?
> >
> >Then maybe you should not run Nessus against it to start with. You're
> >supposed to have the full control of the target when doing such a scan.
> >
>
> That is not usually the case and most certainly is not when pen-testing.

Then as a pen-tester you are expected to understand what's going on
(ie: after a Nessus scan, you can't ping the host any more). If you only
do a Nessus scan and call it a "pen-test" and do not "tickle" the remote
host at all after the scan itself, then something is very wrong.
-- Renaud