I don't recall for sure whether or not Veritas Netbackup even utilizes ports in the 8000 range. I could be mistaken. May I suggest using a utility such as process explorer http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer. mspx to examine the processes in question directly from the server console. It may be that the service fingerprint very closely matches that of what Nessus is reporting. Process Explorer is a great utility, for windows, for examining exactly what application is using what ports.
I believe it's almost always necessary, in the interest of a thorough audit, to follow-up with the administrator or work directly from the console to eliminate any false positives or false negatives. You wouldn't want that information ending up in your final audit report if it is not 100% correct within reason. Alternately, you can use NMAP to perform an aggressive service fingerprint on those ports. That may also add some perspective to the problem. Good luck. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric van Straten Sent: Tuesday, July 10, 2007 3:53 PM To: [email protected] Subject: pcsync-https Hello, With a recent scan of a new server (Windows 2003) running Veritas NetBackup Operations Manager we are finding many results with either High or Medium severity. We have been beating our heads up against the issue looking for where all of these results are coming from and can not find what application may possibly be giving these results. For example Nessus is reporting that BID:11009 - PhotoADay is on the server is running on port 8443... yet we can not find it. For example Nessus is reporting that BID8288 - Gallery web-based photo album is running on port 8443 ...yet we can not find it ...and MANY others... I realize that I may not be providing as much information as needed to troubleshoot; but, I'm stumped enough that I'm not sure where to even start after this point. Nessus: v3.0.5 for linux Client: Nessus Console for Windows NT/2000/XP v1.4.5 We have contacted the vendor of the product (Veritas) and they are saying that they have not buried all of these products in their software which is running on the same ports as listed as vulnerable. I look forward to some guidance as we learn to use Nessus more and more! Thanks, eric ________________________________ Ready for the edge of your seat? Check out tonight's top picks <http://us.rd.yahoo.com/evt=48220/*http://tv.yahoo.com/> on Yahoo! TV.
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
