On Tue Aug 24 2004 at 23:57, Pavel Kankovsky wrote:

> Well, you can always give the customer a copy of Nessus, let them run it
> themselves and charge money for the interpretation of its output. :)

And you'll be responsible because you gave him the software bomb :)

> Well...if you have a banking application transferring billions of dollars
> every day, then every piece of the system must be triplicated (at least).

Unfortunately, a bad cluster is worse than nothing. The only thing that is sure is that redundancy adds complexity, i.e. fragility. Then if the system is well designed, you will increase the global reliability. Maybe.

I have some horror stories:

- some old versions of IBM HACMP crashed when you ran snmpwalk on the shared IP address (IIRC). The bug is referenced by IBM in their archives, but not widely known.
- I've seen an asymmetric cluster where the application took more than an hour to rebuild its database after a switch from the master to the slave machine.
- with Nessus, I crashed a load balancer while scanning machines behind it. The load balancing function had been switched off during the test, I was scanning the offline machines, and the gizmo was supposed to act as a simple router. The attack was 3+ years old (stream?) but the bug was not known.

--
[EMAIL PROTECTED] http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
NASL2 reference manual http://michel.arboi.free.fr/nasl2ref/
