I am sorry, but I could not figure out how to, one: specify a .nessusrc
file on the command line; two: and more importantly, how to tell which
plug-in does what so that I can take out the bogus username scanning
plug-in.
 
And you are absolutely right. In my unix environment, 5 invalid logins
and you are locked out, as well as any 5 break-in attempts and the
sysadmin gets a "suspicious activity" titled trouble ticket, both of
which I am trying to avoid/prevent.
 
Appreciate the help as usual.
 
Mel


________________________________

        From: Doug Nordwall [mailto:[EMAIL PROTECTED] 
        Sent: Thursday, October 04, 2007 7:55 AM
        To: Burslan, Mel
        Cc: [email protected]
        Subject: Re: How to prevent nessus from attacking common/bogus usernames with weak/default passwords
        
        
        it's not a command line option :) you need to take your nessusrc
        and put in "no" for the plugin number that you don't want to use. then
        specify the nessusrc on the command line.
        
        This is also an issue for those sites that block out accounts
        after failed login attempts and testing 50 passwords :) It's a six of
        one, half dozen of the other problem though.
        
        
        On 10/4/07, Burslan, Mel <[EMAIL PROTECTED]> wrote: 


                Still a nessus newbie here getting a lot of grief when I perform a
                nessus scan and it attacks the unix servers with bogus usernames. I know
                for a fact that I do not have any unauthorized users and/or weak
                passwords on my systems, as I have scripts running daily or more
                frequently, checking against such incidences. I do not need nessus to
                test this vulnerability.
                
                I am launching nessus from the linux command line as follows:
                
                /opt/nessus/bin/nessus -q nessus01 1241 adminuser adminpasswd targetservers.lst scanresults.html
                
                I do not have a chance to get to a graphical interface to pick and
                choose what will be scanned and what not, as these command line scan
                directives will be launched from a cron job, periodically.
                
                So my exact question is, how can I add a switch to this command of mine
                to tell nessus not to do the username attacking.
                
                Thanks for all the responses in advance.
                
                Mel
                _______________________________________________ 
                Nessus mailing list
                [email protected]
                http://mail.nessus.org/mailman/listinfo/nessus
                




        -- 
        Doug Nordwall
        Unix, Network, and Security Administrator
        You mean the vision is subject to low subscription rates?!!? -
Scott Stone, on MMORPGs 
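
The procedure in the quoted reply (put "no" against the unwanted plugin number in the nessusrc, then pass that file on the command line) can be scripted for a cron-driven scan. The following is an added example, not part of the original thread; it assumes the nessusrc lists plugins as ` <id> = yes|no` lines inside a `begin(PLUGIN_SET)` / `end(PLUGIN_SET)` block, and the plugin IDs and the names `sample_nessusrc` and `disable_plugins` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed nessusrc layout: plugins are listed
# as " <id> = yes|no" between begin(PLUGIN_SET) and end(PLUGIN_SET).

# Constructed sample file; the IDs are placeholders, not real plugin numbers.
sample_nessusrc() {
cat <<'EOF'
begin(SCANNER_SET)
 90010 = yes
end(SCANNER_SET)

begin(SERVER_PREFS)
 max_hosts = 20
end(SERVER_PREFS)

begin(PLUGIN_SET)
 90001 = yes
 90002 = yes
 90003 = no
end(PLUGIN_SET)
EOF
}

# Usage: disable_plugins "<id> <id> ..." < nessusrc > nessusrc.new
# Exits non-zero if a requested ID has no PLUGIN_SET entry, so a cron job does
# not go on to scan with a plugin it believed was switched off.
disable_plugins() {
    awk -v ids="$1" '
        BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        /^begin\(PLUGIN_SET\)/ { in_set = 1; print; next }
        /^end\(PLUGIN_SET\)/   { in_set = 0; print; next }
        in_set && /^[ \t]*[0-9]+[ \t]*=/ {
            id = $0
            sub(/^[ \t]*/, "", id)      # strip indentation
            sub(/[ \t]*=.*$/, "", id)   # keep only the numeric ID
            if (id in off) { print " " id " = no"; seen[id] = 1; next }
        }
        { print }
        END {
            for (id in off) if (!(id in seen)) {
                print "no PLUGIN_SET entry for " id > "/dev/stderr"
                rc = 1
            }
            exit rc + 0
        }
    '
}
```

The rewritten file is then the one given to the command-line client; the option for naming it is assumed here to be the client's config-file switch (`-c`), which the thread itself does not spell out.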
