Where can I find the nessusd.messages file(s) - is this enabled by default?
The packet capture idea is a good one...I'll definitely use that during the next go around. I'm gathering information now about the application and version that was affected.
On 9/19/06, George A. Theall <[EMAIL PROTECTED]> wrote:
On Tue, Sep 19, 2006 at 07:28:05PM -0400, Jason Leuenberger wrote:
> I'm working on an assessment, with Nessus 3.0.2. I have 'Safe Checks'
> chosen, and have unchecked the Denial of Service category....
It's *should be* sufficient to enable safe checks. There are plenty of
plugins in the "Denial of Service" category that work by doing a banner
check or using credentials to determine what's installed.
> I can gather more information tomorrow morning regarding the application
> that's being used. Is there a way I can find out, perhaps for next time,
> through a Nessus log that shows what time a specific IP was scanned for
> a plugin, with the associated result, whether or not it produced an alert?
Nessusd.messages normally logs when plugins are launched against a
particular target and when they finish. You could try to cross-reference
those logs against what the application on the target offers once you
determine to what extect the system clocks are in agreement. For the
next scan, if there is one, you could take a packet capture while the
scan runs to see what's directed at the application and what responses
it gives. Is it possible to run a test scan against a lab / backup system?
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
--
-->j
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
