[NTLUG:Discuss] linux based security tool...recommendation
Chris Cox
cjcox at acm.org
Tue Jan 13 17:18:34 CST 2004
MadHat wrote:
...snip..
>
> nmap is great and will do a great job of telling you what ports you have
> open and in many cases what is listening, but will not tell you if the
> daemon listening is vulnerable or not. Even if you find out you have
> BIND 4.9.2, you still ahve to search securityfocus.com or do google
> searches and find info on the vulnerability, then see if you can find a
> way to exploit it to test if you are vulnerable to attack. Nessus will
> use nmap and run scans on what it finds open. Unfortunately there are
> a lot of false positives with nessus. Some of the nasl scripts are
> written poorly and ahve hard coded ports, for example, so even though it
> is a web server running on port 25, it tries running sendmail vulns, or
> if sendmail is running on port 80, it will runn the sendmail vuln on
> port 25 whether or not it is open. But I digress.
>
ISS scanner has some of the same problems though... just can't
be perfect. I think nessus is just as good ... of course
it doesn't cost $$$$$$ like ISS does.
More information about the Discuss
mailing list