Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive
From: cbrenton () sover net (Chris Brenton)
Date: Mon, 8 Feb 1999 09:46:10 -0500
"Mr. joej" wrote:
After some testing this is what was found. Internet Scanner only tests for this bug if it can either gain access to a shell (by guessing the telnet password), or by getting snmp access to get the IOS version information. Based upon this, Internet Scanner determines whether or not the router is vulnerable. This is WRONG.
Actually, this type of activity is a pretty common problem and is done in the interest of speed. For example take the following situation: Joe Admin installs SP4 on his NT 4.0 server Joe Admin removes and installs TCP/IP from CD Joe Admin runs a security check As we all know the above system is vulnerable. This is because the original executables and DLL's have been loaded from the original CD. Many security audit tools that I've tested would in fact say that the system is safe because SP4 has been installed. This is because instead of checking file dates, they are looking for registry keys which identify what patches have been loaded on the system. I personally can not say if ISS's scanners fall into the same boat, but from my testing I know many do. Cheers, Chris -- ************************************** cbrenton () sover net * Multiprotocol Network Design & Troubleshooting http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet * Mastering Network Security http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
Current thread:
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Chris Brenton (Feb 08)
- FakeBo 0.3.1 & nmap Michael (Feb 08)
- Spoofed Yahoo web site - www.yaho.co.uk Paul Murphy (Feb 08)
- Re: Spoofed Yahoo web site - www.yaho.co.uk Paul McGovern (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Christopher Masto (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 12)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 10)
- NetApp Filer software versions 5.x: potential hardware killer Jason Downs (Feb 10)
- Netect Advisory: palmetto.ftpd - remote root overflow Jordan Ritter (Feb 09)