Hi Thanks for info, and one more thing
I am using Windows XP , Intel pentium 2.8Ghz (Duel core) , 2 GB Ram where lInux Machine is 2.6 Ghz (Duel Core), 256 Mb Ram, RedHat Linux 9.0 Please confirm the usage of Nessus on Windows , with out having Nessus Tcp Scanner Option. Both on linux & windows can be continued , need any updates please help me on this issue Regards Srikanth On Wed, Sep 10, 2008 at 9:30 PM, <[EMAIL PROTECTED]> wrote: > Send Nessus mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://mail.nessus.org/mailman/listinfo/nessus > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Nessus digest..." > > > Today's Topics: > > 1. Re: Regarding Nessus tool on Windows (Ron Gula) > 2. Re: Regarding Nessus tool on Windows (Michel Arboi) > 3. plug-in for blank telnet password (Mandal, Rakesh) > 4. RE: plug-in for blank telnet password (Mandal, Rakesh) > 5. Plugin ID 11138 - Citrix published applications (Steve Templists) > 6. Re: Plugin ID 11138 - Citrix published applications > (George A. Theall) > 7. Re: plug-in for blank telnet password (YARICK) > > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 10 Sep 2008 08:32:10 -0400 > From: Ron Gula <[EMAIL PROTECTED]> > Subject: Re: Regarding Nessus tool on Windows > Cc: "[email protected]" <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > Hi there, > > Are your Nessus installs for Windows and Linux both on the same type of > hardware, or does your Linux scanner run in a VM? > > Also, since you mentioned your Linux client was older, I am curious > if you are using an older version of Nessus (Nessus 2). If so, it is > much slower than Nessus 3. > > Ron Gula > Tenable Network Security > > Srikanth Rakuditi wrote: > > Hi All, > > > > This is Srikanth, I was installed Nessus tool on Windows and Linux , > Linux one is bit older one (Nessus Client V1.02) & Windows having newer > version (Nessus Client V3.2.1.1) > > > > I was Configured Same Configurations both in Linux & windows . > > > > Below Two Options are not available in windows > > > > In Options Tab > > --------------------- > > 1) Exclude top-level domain wildcard host > > > > in Advanced Tab > > ------------------------ > > 2 ) "Nessus TCP Scanner" pull down menu is not existing. > > > > > > issue 1 : If above two options are required , how to update the tool > > ------------ > > > > issue 2 : > > ------------ > > > > While I am running the Nessus tool on Linux it took more than 3 hrs > time > > Where in Windows it's taking only 20 to 25 min's > > > > Why it's taking less time in windows , what are the dependencies any > extra plugins are required, any other dependencies on windows. > > Where I Was using Windows XP, IE 7.0 Browser. > > > > Please help me on this ASAP. > > > > Regards > > Srikanth > > > > > > > > > > > > > > ________________________________ > > "DISCLAIMER: This message is proprietary to Aricent and is intended > solely for the use of the individual to whom it is addressed. It may contain > privileged or confidential information and should not be circulated or used > for any purpose other than for what it is intended. If you have received > this message in error,please notify the originator immediately. If you are > not the intended recipient, you are notified that you are strictly > prohibited from using, copying, altering, or disclosing the contents of this > message. Aricent accepts no responsibility forloss or damage arising from > the use of the information transmitted by this email including damage from > virus." > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Nessus mailing list > > [email protected] > > http://mail.nessus.org/mailman/listinfo/nessus > > > > ------------------------------ > > Message: 2 > Date: Wed, 10 Sep 2008 14:43:37 +0200 > From: Michel Arboi <[EMAIL PROTECTED]> > Subject: Re: Regarding Nessus tool on Windows > To: [email protected] > Cc: Srikanth Rakuditi <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-15" > > On Tuesday 09 September 2008 14:52:40 Srikanth Rakuditi wrote: > > 2 ) "Nessus TCP Scanner" pull down menu is not existing. > > This scanner does not exist on Windows. It would be very slow on Windows XP > SP2. > > > ------------------------------ > > Message: 3 > Date: Wed, 10 Sep 2008 08:49:33 -0400 > From: "Mandal, Rakesh" <[EMAIL PROTECTED]> > Subject: plug-in for blank telnet password > To: <[email protected]> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > Hi, > > > > I am Rakesh and we have installed Nessus 3 for scanning our network. Can > anyone tell me which plug-in I need to select to scan for blank telnet, > FTP, SQL, IIS, WEB server passwords... > > > > Please help me on this ASAP. > > > > > > Rakesh Mandal. > Email: [EMAIL PROTECTED] > > > > <mailto:[EMAIL PROTECTED]> > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mail.nessus.org/pipermail/nessus/attachments/20080910/ce7edbc0/attachment-0001.html > > ------------------------------ > > Message: 4 > Date: Wed, 10 Sep 2008 10:36:56 -0400 > From: "Mandal, Rakesh" <[EMAIL PROTECTED]> > Subject: RE: plug-in for blank telnet password > To: <[EMAIL PROTECTED]> > Cc: [email protected] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > That's not the way Nessus is design to work you have thousand of plug-in > each for specific use. Any it's not advisable to select all the plug-in > as it might kill some of your server by intense scanning ...... > > So request you to let me know if you know specific plug-in for the blank > telnet , FTP etc.... password. > > > > Rakesh Mandal. > Email: [EMAIL PROTECTED] > > > > <mailto:[EMAIL PROTECTED]> > > _____ > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of YARICK > Sent: Wednesday, September 10, 2008 10:30 AM > To: Mandal, Rakesh > Subject: Re: plug-in for blank telnet password > > > > i suggest to select all the plugins and nessus will only run applicable > ones to the hosts detected. > > > > On Wed, Sep 10, 2008 at 8:49 AM, Mandal, Rakesh <[EMAIL PROTECTED]> > wrote: > > Hi, > > > > I am Rakesh and we have installed Nessus 3 for scanning our network. Can > anyone tell me which plug-in I need to select to scan for blank telnet, > FTP, SQL, IIS, WEB server passwords... > > > > Please help me on this ASAP. > > > > > > Rakesh Mandal. > Email: [EMAIL PROTECTED] > > > > <mailto:[EMAIL PROTECTED]> > > > > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > > > > -- > --Yarick Tsagoyko > > Advisory Notice: Email is covered by the Electronic Communications > Privacy Act and is legally privileged, but inherently insecure. Content > may be subject to alteration: email addresses may incorrectly identify > the sender. This email transmission, and any documents, files, or > previous email messages attached to it may be privileged and > confidential, and are intended only for the use of the recipient(s) > named in the address field. If the reader of this message is not an > intended recipient, or the employee or agent responsible to deliver it > to the recipient, you are hereby notified that any dissemination, > distribution, or copying of this message or its contents is strictly > prohibited. If you have received this message in error, please notify me > by telephone or return email and delete it and any attachments from your > computer. Thank you. > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mail.nessus.org/pipermail/nessus/attachments/20080910/5b4e1333/attachment-0001.html > > ------------------------------ > > Message: 5 > Date: Wed, 10 Sep 2008 11:05:07 -0400 > From: "Steve Templists" <[EMAIL PROTECTED]> > Subject: Plugin ID 11138 - Citrix published applications > To: [email protected] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Does anyone know how/if this vulnerability can be prevented? The plugin > doesn't provide any recommendations and I don't have access to a Citrix > server (this was found on a clients network) to develop any of my own. > Also, the risk factor is a "Medium" but doesn't say the CVV2 style rating, > would this still be a medium with the new rating system? > > BTW..The link for more information is no longer valid. The new link is: > http://sh0dan.org/oldfiles/hackingcitrix.html > > I'd love to be able to provide my client with better information than what > is provided above if anyone can help. > > Thanks. > Steve > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mail.nessus.org/pipermail/nessus/attachments/20080910/5d9726dd/attachment-0001.html > > ------------------------------ > > Message: 6 > Date: Wed, 10 Sep 2008 11:20:43 -0400 > From: "George A. Theall" <[EMAIL PROTECTED]> > Subject: Re: Plugin ID 11138 - Citrix published applications > To: [email protected] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes > > On Sep 10, 2008, at 11:05 AM, Steve Templists wrote: > > > Does anyone know how/if this vulnerability can be prevented? The > > plugin doesn't provide any recommendations and I don't have access > > to a Citrix server (this was found on a clients network) to develop > > any of my own. > > I don't off-hand, but notice that the hackingcitrix document includes > a section entitled "Securing Citrix" with some tips. > > > Also, the risk factor is a "Medium" but doesn't say the CVV2 style > > rating, would this still be a medium with the new rating system? > > Yes. > > > BTW..The link for more information is no longer valid. The new link > > is: http://sh0dan.org/oldfiles/hackingcitrix.html > > Thanks. I'll update the plugin shortly with the new link, a CVSS > score, and revise the description to agree with our more recent plugins. > > George > -- > [EMAIL PROTECTED] > > > > > > ------------------------------ > > Message: 7 > Date: Wed, 10 Sep 2008 11:26:06 -0400 > From: YARICK <[EMAIL PROTECTED]> > Subject: Re: plug-in for blank telnet password > To: "Mandal, Rakesh" <[EMAIL PROTECTED]> > Cc: [email protected] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="windows-1252" > > I am sorry, but it is my understanding that nessus scans a server without > crashing it ( given you have SAFE CHECKS enabled ) and then determines > which > plugins are appropriate to run against the given host. For example AIX or > CISCO plugins will not run against a microsoft based host. > > you are welcome to search for a specific plugin on www.nessus.org/plugins > which is a very nice search facility for a given plugin by name in > description, for example a word 'telnet' > > also, there is a facility to use NASL script language to write your own > checks for specific things like you are talking about. please post them on > this list once you do. > > > > On Wed, Sep 10, 2008 at 10:36 AM, Mandal, Rakesh <[EMAIL PROTECTED]> > wrote: > > > That's not the way Nessus is design to work you have thousand of plug-in > > each for specific use. Any it's not advisable to select all the plug-in > as > > it might kill some of your server by intense scanning ?? > > > > So request you to let me know if you know specific plug-in for the blank > > telnet , FTP etc?. password. > > > > > > > > Rakesh Mandal. > > Email: [EMAIL PROTECTED] > > > > > > > > <[EMAIL PROTECTED]> > > ------------------------------ > > > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > > Behalf Of *YARICK > > *Sent:* Wednesday, September 10, 2008 10:30 AM > > *To:* Mandal, Rakesh > > *Subject:* Re: plug-in for blank telnet password > > > > > > > > i suggest to select all the plugins and nessus will only run applicable > > ones to the hosts detected. > > > > On Wed, Sep 10, 2008 at 8:49 AM, Mandal, Rakesh <[EMAIL PROTECTED]> > > wrote: > > > > Hi, > > > > > > > > I am Rakesh and we have installed Nessus 3 for scanning our network. Can > > anyone tell me which plug-in I need to select to scan for blank telnet, > FTP, > > SQL, IIS, WEB server passwords? > > > > > > > > Please help me on this ASAP. > > > > > > > > > > > > Rakesh Mandal. > > Email: [EMAIL PROTECTED] > > > > > > > > <[EMAIL PROTECTED]> > > > > > > > > > > _______________________________________________ > > Nessus mailing list > > [email protected] > > http://mail.nessus.org/mailman/listinfo/nessus > > > > > > > > > > -- > > --Yarick Tsagoyko > > > > Advisory Notice: Email is covered by the Electronic Communications > Privacy > > Act and is legally privileged, but inherently insecure. Content may be > > subject to alteration: email addresses may incorrectly identify the > sender. > > This email transmission, and any documents, files, or previous email > > messages attached to it may be privileged and confidential, and are > intended > > only for the use of the recipient(s) named in the address field. If the > > reader of this message is not an intended recipient, or the employee or > > agent responsible to deliver it to the recipient, you are hereby notified > > that any dissemination, distribution, or copying of this message or its > > contents is strictly prohibited. If you have received this message in > error, > > please notify me by telephone or return email and delete it and any > > attachments from your computer. Thank you. > > > > > > -- > --Yarick Tsagoyko > > Advisory Notice: Email is covered by the Electronic Communications Privacy > Act and is legally privileged, but inherently insecure. Content may be > subject to alteration: email addresses may incorrectly identify the sender. > This email transmission, and any documents, files, or previous email > messages attached to it may be privileged and confidential, and are > intended > only for the use of the recipient(s) named in the address field. If the > reader of this message is not an intended recipient, or the employee or > agent responsible to deliver it to the recipient, you are hereby notified > that any dissemination, distribution, or copying of this message or its > contents is strictly prohibited. If you have received this message in > error, > please notify me by telephone or return email and delete it and any > attachments from your computer. Thank you. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mail.nessus.org/pipermail/nessus/attachments/20080910/ce35422f/attachment-0001.html > > ------------------------------ > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > End of Nessus Digest, Vol 59, Issue 7 > ************************************* >
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
