I'm finding more and more reports of ports open at the beginning of a scan are closed during the scan. The problem, in my case, is the cisco routers that the scans pass through all have the cisco fw/ips feature set enabled. It appears that one sub-optimal approach would be going to each segment I want to do and setting up nessus "scanning" machine. That's not something I want to do. Is there any plans for obfuscating the attack signatures, randomly? Also a low and slow 3 or 4 day scan may be helpful for scanning, at least but that might be helpful in too in other ids evasion. So, really, I'm wondering how tenable may be approaching the whole ids evasion/insertion idea. There are likely certain limitations of the Cisco FW/IDS featureset that may be used against it.
Wayne Dawson This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. If you have received this email in error, please delete this email from your system. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
