Re: nessus report
--On December 19, 2008 11:32:51 PM -0600 Richard Yang kusanagiy...@gmail.com wrote:

> hi,
> when i ran nessus against my bsd box, nessus can detect the remote host
> is up. i don't understand how nessus can detect it...
> does anyone know how it is done?
> thanx

There are several ways to detect if a host is up. Responses to ICMP packets are one. Almost all hosts will respond to pings unless they're prevented by a firewall.

Another way is the type of response to a probe of a port. Sometimes services will respond differently if they're firewalled than if they're not listening on a particular port.

Also, very few computers have no ports at all listening. For example, most unix boxes will be running syslogd and listening on port udp/514. That is the default for that daemon. Unless you reconfigured syslogd to listen on localhost only, it will respond to probes.

Sometimes a host will respond to a problem with RSETs. It's very, very hard to configure a box in such a way that it's impossible to detect that it's up and running.

Run sockstat and look at what's listening on your computer. Then see if you can figure out how to get it to stop listening on those ports.

Paul Schmehl (pa...@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
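The sockstat review suggested in the message above can be scripted. The following is an added example, not part of the original post: it parses a constructed listing in the column layout of FreeBSD `sockstat -l` and reports listeners bound to anything other than loopback. The sample rows and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the column layout of FreeBSD `sockstat -l`.
SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   735   4  tcp4   127.0.0.1:25          *:*
root     sshd       729   3  tcp6   *:22                  *:*
root     sshd       729   4  tcp4   *:22                  *:*
root     syslogd    598   7  udp4   *:514                 *:*
root     ntpd       612   20 udp6   ::1:123               *:*
root     syslogd    598   4  dgram  /var/run/log
"""


def is_local_only(addr):
    """True when the bind address is reachable only from the host itself."""
    if addr == "*":
        return False  # wildcard bind: every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed


def exposed_listeners(text):
    """Return sorted (proto, port, command) for non-loopback listeners."""
    found = set()
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 6 or not cols[4].startswith(("tcp", "udp")):
            continue  # unix-domain sockets are not reachable off-host
        addr, _, port = cols[5].rpartition(":")
        if not is_local_only(addr):
            found.add((cols[4], port, cols[1]))
    return sorted(found)


if __name__ == "__main__":
    for proto, port, cmd in exposed_listeners(SOCKSTAT):
        print(f"{proto:5} {port:>5}  {cmd}")
```
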
nessus report
hi,
when i ran nessus against my bsd box, nessus can detect the remote host is up. i don't understand how nessus can detect it...
does anyone know how it is done?
thanx

rich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nessus report
Richard Yang wrote:

> hi,
> when i ran nessus against my bsd box, nessus can detect the remote host
> is up. i don't understand how nessus can detect it...
> does anyone know how it is done?
> thanx
> rich

uh, maybe because it responded?
Re: nessus report
yes, but i don't know how...
it looks to me that all ports are closed

On Fri, Dec 19, 2008 at 9:38 PM, michael michael.copel...@gmail.com wrote:

> Richard Yang wrote:
>
> > hi,
> > when i ran nessus against my bsd box, nessus can detect the remote host
> > is up. i don't understand how nessus can detect it...
> > does anyone know how it is done?
> > thanx
> > rich
>
> uh, maybe because it responded?

--
Best Regards
Richard Yang
richardy...@richardyang.net
kusanagiy...@gmail.com
Re: nessus report
On Fri, Dec 19, 2008 at 09:32:51PM -0800, Richard Yang wrote:

> hi,
> when i ran nessus against my bsd box, nessus can detect the remote host
> is up. i don't understand how nessus can detect it...
> does anyone know how it is done?
> thanx
> rich

I can't tell about nessus but nmap does so after discovering any open ports, TCP RST responses from closed ports or ICMP responses from your host. I believe it's similar with nessus.

--
Best regards,
Jeff

()  X-mas ribbon campaign
/\
Re: nessus report
On Fri, Dec 19, 2008 at 09:41:46PM -0800, Richard Yang wrote:

> yes, but i don't know how...
> it looks to me that all ports are closed
>
> On Fri, Dec 19, 2008 at 9:38 PM, michael michael.copel...@gmail.com wrote:
>
> > Richard Yang wrote:
> >
> > > hi,
> > > when i ran nessus against my bsd box, nessus can detect the remote
> > > host is up. i don't understand how nessus can detect it...
> > > does anyone know how it is done?
> > > thanx
> > > rich
> >
> > uh, maybe because it responded?

Check your firewall settings and run tcpdump to be sure your host is not sending any replies after the scan attempt.

--
Best regards,
Jeff

()  X-mas ribbon campaign
/\
Re: nessus report
i just used tcpdump. it doesn't capture anything package

On Fri, Dec 19, 2008 at 9:49 PM, Jeff Laine wtf.jla...@gmail.com wrote:

> On Fri, Dec 19, 2008 at 09:41:46PM -0800, Richard Yang wrote:
>
> > yes, but i don't know how...
> > it looks to me that all ports are closed
> >
> > On Fri, Dec 19, 2008 at 9:38 PM, michael michael.copel...@gmail.com wrote:
> >
> > > Richard Yang wrote:
> > >
> > > > hi,
> > > > when i ran nessus against my bsd box, nessus can detect the remote
> > > > host is up. i don't understand how nessus can detect it...
> > > > does anyone know how it is done?
> > > > thanx
> > > > rich
> > >
> > > uh, maybe because it responded?
>
> Check your firewall settings and run tcpdump to be sure your host is not
> sending any replies after the scan attempt.
>
> --
> Best regards,
> Jeff
>
> ()  X-mas ribbon campaign
> /\

--
Best Regards
Richard Yang
richardy...@richardyang.net
kusanagiy...@gmail.com
Re: nessus report
i haven't tried nmap yet, but you said it also detected the remote, though no port is open?

On Fri, Dec 19, 2008 at 9:42 PM, Jeff Laine wtf.jla...@gmail.com wrote:

> On Fri, Dec 19, 2008 at 09:32:51PM -0800, Richard Yang wrote:
>
> > hi,
> > when i ran nessus against my bsd box, nessus can detect the remote host
> > is up. i don't understand how nessus can detect it...
> > does anyone know how it is done?
> > thanx
> > rich
>
> I can't tell about nessus but nmap does so after discovering any open
> ports, TCP RST responses from closed ports or ICMP responses from your
> host. I believe it's similar with nessus.
>
> --
> Best regards,
> Jeff
>
> ()  X-mas ribbon campaign
> /\

--
Best Regards
Richard Yang
richardy...@richardyang.net
kusanagiy...@gmail.com
Re: nessus report
On Fri, Dec 19, 2008 at 09:57:09PM -0800, Richard Yang wrote:

> i haven't tried nmap yet, but you said it also detected the remote, though
> no port is open?

ICMP doesn't require any open ports.

--
Jonathan Chen j...@chen.org.nz
--
Opportunities are seldom labeled
Re: nessus report
i ran a tcpdump. bsd box is responding to arp.
i guess this is fundamental, and should not be disabled

thanx guys
rich

On Fri, Dec 19, 2008 at 9:32 PM, Richard Yang kusanagiy...@gmail.com wrote:

> hi,
> when i ran nessus against my bsd box, nessus can detect the remote host
> is up. i don't understand how nessus can detect it...
> does anyone know how it is done?
> thanx
> rich

--
Best Regards
Richard Yang
richardy...@richardyang.net
kusanagiy...@gmail.com
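The replies named in this thread (ARP, ICMP, TCP RST) can be picked out of a capture automatically when checking what a host gives away during a scan. The following is an added example, not part of the original thread: it classifies lines in the style of `tcpdump -n` text output and counts the packets the scanned host itself sent. The addresses, the sample capture and the function names are constructed for illustration.

```python
import re
from collections import Counter

HOST = "192.0.2.10"  # constructed address of the scanned box

# Constructed sample modelled on `tcpdump -n` text output; not from the thread.
CAPTURE = """\
21:50:01.000100 ARP, Request who-has 192.0.2.10 tell 192.0.2.20, length 46
21:50:01.000150 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:10, length 28
21:50:02.000100 IP 192.0.2.20 > 192.0.2.10: ICMP echo request, id 7, seq 1, length 64
21:50:03.000100 IP 192.0.2.20.40000 > 192.0.2.10.80: Flags [S], seq 100, win 1024, length 0
21:50:03.000150 IP 192.0.2.10.80 > 192.0.2.20.40000: Flags [R.], seq 0, ack 101, win 0, length 0
21:50:04.000100 IP 192.0.2.20.40001 > 192.0.2.10.161: UDP, length 8
21:50:04.000150 IP 192.0.2.10 > 192.0.2.20: ICMP 192.0.2.10 udp port 161 unreachable, length 36
"""

ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ")
IP_LINE = re.compile(r" IP (\S+) > (\S+): (.*)$")
TCP_FLAGS = re.compile(r"Flags \[([^\]]*)\]")


def classify(line, host):
    """Name the liveness signal if `host` sent this packet, else None."""
    m = ARP_REPLY.search(line)
    if m:
        return "arp-reply" if m.group(1) == host else None
    m = IP_LINE.search(line)
    if not m:
        return None
    src, _dst, rest = m.groups()
    is_icmp = rest.startswith("ICMP")
    # tcpdump appends ".port" to TCP/UDP endpoints but not to ICMP ones
    if (src if is_icmp else src.rsplit(".", 1)[0]) != host:
        return None  # a probe arriving, not a reply leaving
    if rest.startswith("ICMP echo reply"):
        return "icmp-echo-reply"
    if is_icmp and "unreachable" in rest:
        return "icmp-unreachable"
    flags = TCP_FLAGS.match(rest)
    if flags and "R" in flags.group(1):
        return "tcp-rst"  # closed port answered
    if flags and flags.group(1).startswith("S."):
        return "tcp-syn-ack"  # open port answered
    return None


def liveness_signals(capture, host):
    """Count each kind of reply from `host` seen in the capture text."""
    kinds = (classify(line, host) for line in capture.splitlines())
    return Counter(k for k in kinds if k)
```

In the sample the echo request goes unanswered, yet the ARP reply, the RST and the ICMP port-unreachable each show the host is up; a capture containing only the first two lines would still yield one `arp-reply`.
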