Renaud Deraison wrote:
The bottom line is that any active scanner (even just a port scanner) can and will crash some services or devices. The reason is very simple: the scanner interacts with another piece of software, and if the other piece of software has not been written in a very solid way, then that little talk triggers bugs which result in a crash.
Why not keep a database in nessus.org (a wiki?) in which people could post this information. I sent a mail a few years back [1] to the nessus-users mailing list recapping some of the mails that had been sent to it regarding crashes. Maybe it's time this information is made public and maintained in a public database.
That would benefit Nessus users in the end since they could skim the list before a scan and remove systems from their scan that are known to "overreact" (i.e. crash).
So, how about a database that lists:
- Software - Vendor - Crash type - Sympton - Crashes with Safe Checks? - Crashes with DoS?
If the database was public, vendors could add their own software to the list :-)
What we observed is that the most sensitive systems are the ones which are never audited - an interesting but sad paradox indeed.
True, but this also shows a tendency change. A few years back companies only audited the external permiter for security issues, now the permiter has been audited N times and most are looking into auditing their internal systems. That's why many people are starting to see this as a problem.
Regards
Javier
[1] "List of Hardware/Software that might crash/fail to work after a Nessus scan"
http://mail.nessus.org/pipermail/nessus/2003-December/msg00060.html
Message-ID: <[EMAIL PROTECTED]>
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
