Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Wed, 10 Feb 1999 19:37:07 +1100
In some mail from David LeBlanc, sie said:
> At 09:46 AM 2/8/99 -0500, Chris Brenton wrote:
> > Many security audit tools that I've tested would in fact say that the system is safe because SP4 has been installed. This is because instead of checking file dates, they are looking for registry keys which identify what patches have been loaded on the system. I personally can not say if ISS's scanners fall into the same boat, but from my testing I know many do.
>
> We check file dates when checking for NT patches, and would catch your example.
I don't see how that can be considered "adequate". However, going back to "cops" (could be considered to be the origin of such processing), it appears it performed the same evil. For .dll's and friends which are supplied with service packs, I can't see why you would not use a cryptographic checksum to ensure that the file there is what you think it is.

Darren
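The checksum comparison suggested in the message above, set beside a file-date check, as an added example that is not part of the original post or of any scanner discussed in the thread. The file names, the timestamp, the choice of SHA-256 and the manifest of known-good digests (assumed to come from a trusted reference copy of the service pack) are all constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit(root, manifest):
    """manifest maps file name -> (expected SHA-256 hex, earliest acceptable mtime).
    Returns name -> (date_ok, hash_ok); a missing file fails both checks."""
    results = {}
    for name, (digest, min_mtime) in manifest.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            results[name] = (False, False)
            continue
        date_ok = os.path.getmtime(path) >= min_mtime
        hash_ok = sha256_file(path) == digest
        results[name] = (date_ok, hash_ok)
    return results

def demo():
    """Constructed sample: stand-in files, not real service-pack binaries."""
    patch_time = 1_000_000_000  # constructed release timestamp
    patched = b"constructed patched build"
    other = b"constructed different build"
    # name -> (content on disk, mtime on disk)
    on_disk = {
        "current.dll": (patched, patch_time),
        "rolledback.dll": (other, patch_time - 86400),
        "samedate.dll": (other, patch_time),
    }
    good = hashlib.sha256(patched).hexdigest()
    manifest = {n: (good, patch_time) for n in [*on_disk, "absent.dll"]}
    with tempfile.TemporaryDirectory() as root:
        for name, (content, mtime) in on_disk.items():
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(content)
            os.utime(path, (mtime, mtime))
        return audit(root, manifest)
```

The `samedate.dll` row is the case the date check alone cannot distinguish: its timestamp is acceptable, but its digest does not match the reference.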