Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive
From: chris () NETMONGER NET (Christopher Masto)
Date: Mon, 8 Feb 1999 15:39:00 -0500
On Mon, Feb 08, 1999 at 09:46:10AM -0500, Chris Brenton wrote:
> Many security audit tools that I've tested would in fact say that the system is safe because SP4 has been installed. This is because instead of checking file dates, they are looking for registry keys which identify what patches have been loaded on the system.

"Testing" for some vulnerabilities means breaking into or even crashing the system. I agree that products should make it very clear whether they're just checking for known-vulnerable versions, or actually testing for vulnerabilities. They should probably do both, with some kind of option: "This test scans for problem X by attempting to exploit it, and may cause a failure or loss of data."

I suspect naive system administrators may run scanners against production systems that are in operation at the time, and would be rather surprised to see them taken out, with the ensuing Angry Phone Calls.

--
Christopher Masto
Director of Operations
NetMonger Communications
chris () netmonger net
info () netmonger net
http://www.netmonger.net

"Good tools allow users to do stupid things." -- Clay Shirky