On Wed, Jul 09, 2003 at 10:49:39AM -0700, sherwin Lu wrote:
> It's plug in 11580 which I also have enabled. How do
> I check the version of the plug-in? Since upgrading
> to 2.0.7, his scan also does not show this
> vulnerability.

So it has been fixed. To check the version number, check the "script_version" line in the plugin itself.

> Does anyone understand how scan 11580 checks for this
> vulnerability?

It sends a UDP packet to a remote port with a source port > 1024. If it gets a reply, it exits. Then it sends the same packet to the same port with a source port of 53, and if it gets anything as a reply, then it means something on the way is filtering. This is not really prone to false positives except when the plugin was badly written.

> If there's no firewall between Nessus
> and the device, should it still report a vulnerability
> since the device will accept all queries from UDP port
> 53 (as well as any other port).

No. It will warn you only when the device accepts UDP queries from port 53 ONLY.
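The decision logic described in the reply above, as an added example that is not part of the original message or the Nessus plugin's code. The probe interface, `make_target` and the scenarios are constructed stand-ins for real UDP probes so the logic can be run offline.

```python
from typing import Callable, Optional

# probe(src_port) returns the reply payload, or None on timeout (assumed interface).
Probe = Callable[[int], Optional[bytes]]


def answers_source_port_53_only(probe: Probe, high_port: int = 40000) -> bool:
    """Report only if source port 53 gets a reply where a port > 1024 does not."""
    if probe(high_port) is not None:
        return False  # target answers from any source port: exit, nothing to report
    return probe(53) is not None  # a reply now means a filter keys on source port 53


def make_target(rules, service_up: bool = True) -> Probe:
    """Constructed model: a stateless packet filter in front of a UDP service.

    rules is an ordered list of (source_port or None for any, "allow"/"deny");
    the first match wins and unmatched packets are dropped.
    """
    def probe(src_port: int) -> Optional[bytes]:
        for match, action in rules:
            if match is None or match == src_port:
                return b"reply" if action == "allow" and service_up else None
        return None
    return probe


# Constructed scenarios, not taken from the thread.
SCENARIOS = {
    "no_filter": make_target([(None, "allow")]),
    "allow_from_53_then_deny": make_target([(53, "allow"), (None, "deny")]),
    "deny_all": make_target([(None, "deny")]),
    "allow_from_53_service_down": make_target([(53, "allow")], service_up=False),
}


def evaluate() -> dict:
    """Run the check against every constructed scenario."""
    return {name: answers_source_port_53_only(p) for name, p in SCENARIOS.items()}


if __name__ == "__main__":
    for name, flagged in evaluate().items():
        print(f"{name:28} -> {'REPORT' if flagged else 'no finding'}")
```

Only the ruleset that allows source port 53 ahead of a general deny is reported; the unfiltered device is not, which matches the "No" in the reply.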
