On Wed, 30 Apr 2008 13:39:56 -0500 "Sergio Castro" <[EMAIL PROTECTED]> wrote:
> I just ran a scan on a client's site and Nessus found this: "port > schoolbus (54321/tcp)". > AFAIK, this is a trojan Not necessarily. This port is (was?) used by a Trojan horse, this does not mean that it is currently used by this malware on your system. > yet the Nessus report does not classify it as a threat Well, trojan_horses.nasl would do that, *if* you set the paranoid mode, in which you'll have many false positive. > Is this a false positive? Errr... No. If you really have the Trojan horse, that's just the contrary: a false negative. Honestly, I think that you just found an open port, nothing more. It is hard to know without any additional information. -- http://www.bigfoot.com/~arboi http://ma75.blogspot.com/ PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91 Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
