On Fri, Mar 05, 2004 at 02:14:23PM +0000, [EMAIL PROTECTED] wrote:
> I have been seeing an odd number of false positive results with the Raptor Weak ISN
> generation
> issue. Windows XP hosts running the Symantec Client VPN software, with the Symantec
> Client VPN Driver bound to their NIC return that they have they generate weak ISNs.
> Now, I'm not expert
> enough to know if this is true based soley on the Nessus output, so I have attempted
> to validate
> using NMAP. The results are as such: (using the command nmap -O -vv -g 1025
> hostname)
This is probably a false positive, but I don't think nmap would detect
it, as the ISN _are_ random, but seeded on the src and dst port pair
used by the initial TCP packet.
If you could run tcpdump -w file while running the plugin and send me
the packet capture, that would help me determine where the problem is
coming from.
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
