I'm having two problems with smtp_backdoor.nasl plugin 18931, "SMTP server on a strange port".
First, the script name is defined incorrectly. It is given as: " script_name(english: 'SMTP server on a strange port');" which shows up correctly in nessus clients but totally confuses Lightning - resulting in a blank name and being unable to view any information about the plugin. It should be defined as follows: name["english"] = "SMTP server on a strange port"; script_name(english:name["english"]); Second, we've got several FTP servers with restrictions to only allow selected hosts to connect. When nessus tries to connect (ftpserver_detect_type_nd_version.nasl plugin 10092), the banner is given as "530 Connection refused, unknown IP address." but it is correctly identified as an ftp server. 530 is a legitimate response for an FTP server as given in RFC-959, defined as "Not logged in." (combination of 5yz Permanent Negative Completion reply and x3z Authentication and accounting - Replies for the login process and accounting procedures.) However, this is being detected as an SMTP server by find_service_3digits.nasl plugin 14773, " Identifies services like FTP, SMTP, NNTP...". This then causes 18931 to complain about a "backdoor set up by crackers to send spam" which makes some people unhappy. Not sure what the best way to resolve this false positive is. Jerry Heidtke _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
