On Fri, 25 Jul 2003, Tony Howlett wrote: > I scan through firewalls all the time. I typically turn all port scanning > off and just run the plugins. If theyve got any ports forwarded to > applications, youll be able to test those boxes (atleast on the ports that > are forwarded). I also regularly find problems or issues with their actual > firewall such as old versions of SSh, unneeded services running, etc.
Hi Tony. Could you provide more details about this? Maybe I'm missing something, but it sounds to me like your approach would automatically produce very inaccurate results (against firewalls, or any other device). If you turn off all port scanning, and then just run the plugins, all the plugins that depend on a particular service running (which is A LOT of them) will automatically fail (or just not get executed by Nessus). To get a complete and accurate assessment, the port scan is has to be performed. Then again, maybe I just misunderstood your explanation. Maybe I'm missing some "Nessus magic" that I didn't know about. In any case, I would be interested to have some clarification around this... :) ~Jay -- == Jay Jacobson == Edgeos, Inc. -- http://www.edgeos.com == == Automated Information Security and Vulnerability Assessment
