On Fri, 2004-01-09 at 12:02, Sergile, Alain (ISS Atlanta) wrote:
> Eric Good Luck,
>
> Most scanners depend on banners for revision checks, and or run
> behavioral checks (checks that can distinguish b/w an unpatched and
> patched system based on the response received)to determine version.
> ...
> I will defer to others in this group to discuses how their security
> teams manage the issue.
>
> Alain Sergile
> Internet Security Systems
>
Hi-
We will always note the false positive during the test and then go back
and verify. Either by manually checking the report or if that is not
possible due to various reasons, we will contact the admin after the
test but before generating the final report to verify.
Kevin
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------
Received on Jan 12 2004
Intro
