Nicolas Pouvesle wrote:
On Jun 1, 2005, at 4:06 PM, Waheed Qureshi wrote:
Hi all,
This is sort of an emergency. Running a scan against
one of our clients with "allbutdangerous" enabled
causes some of their nix boxes to lock the root
account via ssh, telnet and ftp. Nothing is obvious in
the "allbutdangerous" file and per my understanding,
Nessus does not do active checks while running in the
safe mode (without dangerous plugins), so what’s going
on?
Nessus tries to log on with default passwords. I suspect the policy is
defined to lock the account after X bad connections.
Also note that it is considered dangerous to allow administrator
accounts such as root to have "lock out" policies applied to it. M$
Windows "Administrator" account specifically has the account "lock out"
policy disabled for this very reason. If they have Windows on this
network, and claim a legal requirement to have account "lock out" on
Admin accounts, please ask them to explain why this doesn't apply to the
Windows systems.
The whole point of the "lock out" policy is to try to limit the
possibility of brute-forcing passwords. If you have a good, long root
password, *this will never happen*. (please, no-one argue that a
network-based brute force will ever succeed in a real timeframe against
a good password. Not only that, but there is no reason you can't still
ALERT on failed login attempts)
Think of it this way: you have just provided a mechanism by which *any*
unprivileged network connection on your network can stop you logging in
as root - not just Nessus...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
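Jason's point that failed root logins can be alerted on without locking the account, as an added defender-side example that is not code from the thread or from Nessus: a small Python monitor over constructed sshd log lines that raises an alert once a single source has produced a threshold of failures against the watched account inside a time window, while the account itself stays usable. The log lines, hostnames and addresses are constructed; the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog-style sshd lines (not from the original thread).
SAMPLE_LOG = """\
Jun  1 16:06:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40110 ssh2
Jun  1 16:06:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40110 ssh2
Jun  1 16:06:03 host sshd[2103]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jun  1 16:06:04 host sshd[2105]: Failed password for invalid user guest from 192.0.2.10 port 40114 ssh2
Jun  1 16:06:05 host sshd[2107]: Accepted publickey for root from 198.51.100.7 port 50001 ssh2
Jun  1 16:30:00 host sshd[2200]: Failed password for root from 203.0.113.5 port 51000 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional so unknown
# usernames are captured the same way as real ones.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_ts(ts, year=2005):
    """Syslog timestamps have no year; the year is an assumption supplied here."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")

def alert_on_failed_logins(log_text, user="root", threshold=3, window_s=60):
    """Return one alert per source the moment it reaches `threshold` failed
    logins for `user` within a sliding window of `window_s` seconds.
    Nothing is locked: the caller forwards the alert (syslog, pager, SIEM)."""
    failures = defaultdict(list)   # src -> timestamps inside the current window
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m or m["user"] != user:
            continue
        t = parse_ts(m["ts"])
        hist = [x for x in failures[m["src"]] if (t - x).total_seconds() <= window_s]
        hist.append(t)
        failures[m["src"]] = hist
        if len(hist) == threshold:     # fire once when the threshold is crossed
            alerts.append({"user": user, "src": m["src"],
                           "count": len(hist), "last": t.isoformat()})
    return alerts

if __name__ == "__main__":
    for a in alert_on_failed_logins(SAMPLE_LOG):
        print(f"ALERT {a['count']} failed {a['user']} logins from {a['src']} (last {a['last']})")
```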