> -----Original Message-----
> From: nessus-bounces at list dot nessus dot org
> [mailto: nessus-bounces at list at nessus at org] On Behalf Of Jack Solomon
> Sent: Monday, March 08, 2004 8:09 AM
> To: nessus at list dot nessus dot org
> Subject: FW: Nessus and Snort
>
> Would someone please explain the benefit of retaliatory scans? As a
> white-hat, my responsibility is to protect our internal systems from risks
> (virus, hacking, spamming, stupid users). While it would be interesting to
> get into infowarfare, which is essentially what this is, I don't see the
> gain.
>
It's taken me a few days, but I came up with a plausible scenario. I monitor internal intrusion detection systems that often detect the activity of viruses, worms, and trojans doing their thing. My first step is to ping the system, then nbstat it and look up the current logged on user, then I run nmap against it, then I feed that into nessus. Nessus is provided with a domain user account and can touch the system and tell me what patches are missing and what ports are listening that shouldn't be. I take the results and put a priority 1 ticket into our help desk to have someone fix the system and, thanks to Nessus, I can tell them what patch to install or what service to disable.

It would be nice if I could have specific alerts from our IDS trigger a specific scan against the source.

-Jason

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
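The alert-triggered triage wished for in the message above, sketched as an added example (not part of the original thread, and not code from Snort or Nessus). It assumes Snort "fast" alert lines, a Windows analyst workstation, and hypothetical internal ranges and local-rule SIDs; only internal sources get a scan plan, so addresses outside the organisation are never touched.

```python
import ipaddress
import re

# Assumptions for this sketch: Snort "fast" alert lines, these internal
# ranges, and these local-rule SIDs as the alerts that warrant a scan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
TRIGGER_SIDS = {1000001, 1000002}

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+")

# Constructed sample alerts (not taken from any real sensor).
SAMPLE_ALERTS = [
    "03/08-08:09:12.100000  [**] [1:1000001:1] LOCAL worm propagation [**] [Priority: 1] {UDP} 10.1.2.3:1434 -> 10.9.9.9:1434",
    "03/08-08:09:13.200000  [**] [1:1000001:1] LOCAL worm propagation [**] [Priority: 1] {UDP} 203.0.113.7:1434 -> 10.9.9.9:1434",
    "03/08-08:09:14.300000  [**] [1:1000002:2] LOCAL trojan beacon [**] [Priority: 1] {TCP} 10.1.2.3:1033 -> 10.9.9.9:80",
    "03/08-08:09:15.400000  [**] [1:1000099:1] LOCAL policy notice [**] [Priority: 3] {TCP} 192.168.4.20:1050 -> 10.9.9.9:21",
    "03/08-08:09:16.500000  [**] [1:1000002:2] LOCAL trojan beacon [**] [Priority: 1] {ICMP} 192.168.4.21 -> 10.9.9.9",
    "Mar  8 08:10:01 sensor snort[311]: restarting",
]

def parse_alert(line):
    """Return (sid, msg, source ip) or None for lines that do not parse."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    try:
        return int(m["sid"]), m["msg"], ipaddress.ip_address(m["src"])
    except ValueError:  # e.g. an octet above 255
        return None

def triage_plan(lines):
    """Map each internal alert source to the commands to run against it."""
    plan = {}
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue
        sid, _msg, src = parsed
        # Only scan hosts we own: sources outside INTERNAL_NETS are skipped.
        if sid not in TRIGGER_SIDS or not any(src in n for n in INTERNAL_NETS):
            continue
        host = str(src)
        # setdefault keeps one plan per host however many alerts it raised.
        plan.setdefault(host, [
            ["ping", "-n", "1", host],
            ["nbtstat", "-A", host],
            ["nmap", "-sV", "-oX", f"nmap-{host}.xml", host]])
    return plan
```

The commands are only built, not executed; the resulting host list and nmap XML files are what would then be fed to the credentialed Nessus scan and the help desk ticket.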
