funsec mailing list archives
Re: so, is I[dp]S a STUPID technology?
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 12 Oct 2005 16:08:38 -0500
--On Tuesday, October 11, 2005 20:03:46 -0400 Valdis.Kletnieks () vt edu wrote:
I doubt we have as many live nodes as you do. Somewhere in the neighborhood of 10,000 or so, not counting the student residence halls (which is an untrusted, firewalled cloud.)On Tue, 11 Oct 2005 17:13:35 CDT, Paul Schmehl said:If you can recommend an *enterprise* capable vulnerability scanner (IOW one that I can schedule massive scanning events for a class A *and* class B network and then go look at the results when I have time)How much of that class A is *actually* used? Your site can't be *that* much bigger than ours, and we fit (mostly) into 2 /16s.
And I'd be pretty dumb too, wouldn't I? But seriously, even scanning live nodes takes time, and scanning 10,000 of them takes a *lot* of time.If you insist on scanning 2**24 addresses to find 2**16 hosts, that's your business. But you're working 256 times too hard. ;)
There was this nice Nessus framework from Purdue, I don't have the URL handy at the moment. Basically had a front end box that load-balanced across a bunch of Nessus scanning engines. Costs twice as much as the base Nessus. ;)
You mean *used to*. Nessus isn't free any more. I'll rummage around on the Purdue site. But you should know that tools aren't the only problem. Time is too. There's only two of us doing this work, and va isn't our only responsibility.
How many bodies do you have in security? Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: so, is I[dp]S a STUPID technology?, (continued)
- Re: so, is I[dp]S a STUPID technology? Jordan Wiens (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Blue Boar (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Blue Boar (Oct 12)
- Message not available
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 13)
- Re: so, is I[dp]S a STUPID technology? Robert Edmonds (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Eduardo Tongson (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 12)
- RE: so, is I[dp]S a STUPID technology? Aditya Deshmukh (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- RE: so, is I[dp]S a STUPID technology? Aditya Deshmukh (Oct 12)
- RE: so, is I[dp]S a STUPID technology? Barrie Dempster (Oct 13)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 13)