Many of those are local vulns that a network scanner like Nessus can't detect. But for sure the plugins do not cover everything. I imagin everyone here will welcome your contributions.1) i was going thru the cve list (cve.mitre.org) and it contains close to 6,500 vuls. why is it then that nessus only has about 2,000... have the remaining vuls have been left out intentionally for not being useful enough or is it just the sheer number vuls that makes it hard to catch up with and write an exploit/check for?
That's actually a runtime option "optimize the test". If you trust the banners services send then you can reduce the number of tests to run and save time/bandwidth. Personally I am more paranoid and do not trust the banners.2) one of the postings on the forums mentioned that knowing the application version number was *NOT* important in launching the attack. does this mean that if an ftp service is detected, ALL ftp attacks are launched, regardless of the ftp application version?
Regards,
Paul
-- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: [EMAIL PROTECTED] web: www.westpoint.ltd.uk
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
