Thanks for the clarifications. I have added all five options into the
Nessus Knowledge Base. They are at:

    http://www.edgeos.com/nessuskb/details.php?option_id=275
    http://www.edgeos.com/nessuskb/details.php?option_id=276
    http://www.edgeos.com/nessuskb/details.php?option_id=277
    http://www.edgeos.com/nessuskb/details.php?option_id=278
    http://www.edgeos.com/nessuskb/details.php?option_id=279

I also fixed a couple of little errors in other documented items in there
and updated a bunch of parent/child/peer relationships.

~Jay


On Sat, 3 Jul 2004, Renaud Deraison wrote:

> On Sat, Jul 03, 2004 at 12:13:27AM -0700, Jay Jacobson wrote:
> > Just out of curiosity, what are the criteria that make a script flagged
> > as experimental? Also, what is the process for an experimental script to
> > become stable?
>
> If a script generates false positives or alerts the average user does not
> understand, it's marked as being experimental.
>
> A good example is www_fingerprinting_hmap.nasl which attempts to do web
> fingerprinting (which is quite a new field in itself). When it issues
> that the remote web server is flagged as Apache/1.3.29 whereas it
> actually is Apache/1.3.30, many people complain about this blatant
> "false positive" which makes them "look bad" to the admins when they
> proudly tell them that they modified the banners to hide the fact they
> are still running 1.3.29.
>
> Once we're happy with the verbosity and noisiness of such plugins,
> they'll be put back in the non-experimental plugins.
>
> > > rh_inetd.nasl launches very slow tests if "Thorough tests" is on.
> >
> >
> > I am familiar with rh_inetd.nasl taking a long time to fully run. However,
> > I think calling the option "thorough tests" may be misleading. Instead,
> > maybe this option should be called "Long-Running Tests" or something like
> > that.
>
> I wanted to label it as being "slow" tests, however we have some plugins
> (ie: fuzzers) that are waiting to be committed and fit more the thorough
> category.
>
> > Along those same lines, may I recommend that we also include plugin #10927
> > (blackice_dos.nasl) in this category of long-running scripts. I have
> > frequently witnessed this plugin taking a very long time to run (relative
> > to all the other plugins), not to mention the relatively huge amount of
> > bandwidth this plugin consumes.
>
> Done, thanks!
>
> > > "Report verbosity" is not used yet but some people complained that
> > > there is too much information in their reports. "Quiet" should fix
> > > this, when it is used.
> >
> >
> > Sounds good. This option currently has three possible states: verbose,
> > normal, and quiet. I understand "quiet" based on your reply, and I
> > understand "normal" would be the same quantity of report information
> > provided today. However, what additional report information might the
> > "verbose" setting provide?
>
> It would provide messages such as "Could not log into the remote Windows
> box - can't say if patch KB1234 is installed or not".
>
> > If the report verbosity option is not currently in use in any of the
> > plugins and only two verbosity states are clearly understood, maybe this
> > option should only have two states: normal and quiet.
>
> "quiet" will be used for plugins such as the fingerprinting plugins to
> not display the OS signature in the report for people who don't care
> about them. So we really need three levels.
>
>
>
>                               -- Renaud
> _______________________________________________
> Nessus mailing list
> [EMAIL PROTECTED]
> http://mail.nessus.org/mailman/listinfo/nessus
>

-- 
..
..  Jay Jacobson
..  Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
..  Network Security Auditing and
..  Vulnerability Assessment Managed Services
..
