On Aug 29, 2006, at 11:14 PM, Clinton Watson wrote:
This plugin seems to be generating false positives when used in
conjunction with other firewall checks.
In particular, if another check running at the same time as 10114
returns an Administratively Prohibited (Type: 3 Code: 10) ICMP
response,
it is giving a positive response to the ICMP timestamp plugin. When
used
by itself, the vulnerability does not show up on servers which are
actively blocking ICMP type 13 and Response type 14.
A TCPdump of the plugin scan attempt captures no timestamp information
whatsoever in either the scan test or the Type 3 response which
generates the false positive.
Please send me the tcpdump of the scan attempt, as the logic of the
plugin should not create any FP.
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
