On Mon, 16 Feb 2004, Kava Kicks wrote: > Hmmm ... I don't know that the goal of testing is to break things; > rather, it is to see if it *could* be broken .. but anyway ;)
A test that has broken its subject is a good test. A test that has not broken its subject might be a good test on an unbreakable subject as well as a bad (insufficient, incorrect, improper...) test on a breakable subject. > I think it was the portscan that did it. I have Nessus set up to carry > out its default scan, then I also use Nmap as a secondary scanner. > After I modified the Services.txt file (but left the Nmap settings > alone), the crash no longer occurred. Ah...the list of ports to be scanned was "default", right? "default" stands "all ports found in services.tcp (all all TCP ports found in /etc/services when services.tcp is not available)". You could do the same think if you replaced "default" with an explicit list of ports minus the port you want to avoid but I admit the list would be too long to be practical. On the other hand, a list of intervals like "1-2048,2050-" can be as good (if not better because it can find services listening on obscure ports) as a sparse set of most popular ports in many cases. > Just curious, why don't you think that modifying the services file is a > good idea? Surely it is easier to modify one file that will only affect > Nessus, instead of trying to create/modify a firewall rule that willl > affect evertyhing on that machine? You might convince the scanner to leave a certain port alone this way but it cannot guarantee Nessus won't touch the port at all. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
