Re: Nessus Scan
From: levinson_k () securityadmin info
Date: 15 Aug 2007 22:11:12 -0000
Can you not simply contest their finding as being baseless in fact? It wouldn't be the first time. Nessus and other
scanners always find things, especially depending on their configuration, that the auditor needs to know to disregard
as needed. Tell them where in the written policy it requires this port to be closed in order to pass. Ask them on
what basis they changed the vendor's severity rating from low to critical.
Does their scan perhaps pass through a firewall like Checkpoint that performs TCP SYN proxying in order to defend
against SYN floods? Maybe that is part of the problem? Does the OS detection reported by Nessus match the OS running
on the target host, or is it detecting the OS running on an intermediate firewall?
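The three checks the reply suggests (is the auditor's severity higher than the report's own rating, does the OS guess match what actually runs on the host, and does every probed port come back "open" as it would behind a SYN-proxying firewall) can be run mechanically over the scan output. The script below is an added example, not code from the poster or from Tenable; it assumes a .nessus v2-style layout (`ReportHost`, `HostProperties/tag[@name="operating-system"]`, `ReportItem` with `port`, `protocol`, `severity`, `pluginID`, `pluginName` attributes) and builds its own constructed report with hypothetical hosts, plugin IDs and findings, so it runs offline.

```python
"""Triage helpers for disputing scanner findings (added example, constructed data)."""
import xml.etree.ElementTree as ET

# Severity scale used in .nessus v2 ReportItem elements (assumption: 0..4).
SEVERITY_LABELS = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Ports the hypothetical scan probed (constructed list, not a real policy).
PROBED_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389]


def _report_host(name, os_name, open_ports, findings):
    """Build one <ReportHost> element as a string (constructed sample data)."""
    items = [
        f'<ReportItem port="{p}" protocol="tcp" severity="0" pluginID="PLUGIN-PORT" '
        f'pluginName="TCP port scan (constructed)" svc_name="unknown"/>'
        for p in open_ports
    ]
    items += [
        f'<ReportItem port="{p}" protocol="tcp" severity="{sev}" pluginID="PLUGIN-{p}" '
        f'pluginName="{title}" svc_name="unknown"/>'
        for p, sev, title in findings
    ]
    return (
        f'<ReportHost name="{name}"><HostProperties>'
        f'<tag name="host-ip">{name}</tag>'
        f'<tag name="operating-system">{os_name}</tag>'
        f'</HostProperties>{"".join(items)}</ReportHost>'
    )


# Constructed report: 10.0.0.5 shows every probed port open and a firewall OS;
# 10.0.0.6 looks like an ordinary Linux host with two services.
SAMPLE_REPORT = (
    '<?xml version="1.0"?><NessusClientData_v2><Report name="constructed">'
    + _report_host("10.0.0.5", "Check Point Gaia", PROBED_PORTS,
                   [(25, 1, "Service banner disclosure (constructed)")])
    + _report_host("10.0.0.6", "Linux Kernel 2.6", [22, 443], [])
    + "</Report></NessusClientData_v2>"
)


def parse_report(xml_text):
    """Return {host: {"os": str, "open_tcp": set, "findings": [(port, sev, name)]}}."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for rh in root.iter("ReportHost"):
        os_tag = rh.find('HostProperties/tag[@name="operating-system"]')
        entry = {"os": os_tag.text if os_tag is not None else "",
                 "open_tcp": set(), "findings": []}
        for item in rh.findall("ReportItem"):
            port = int(item.get("port", "0"))
            sev = int(item.get("severity", "0"))
            if item.get("protocol") == "tcp" and port:
                entry["open_tcp"].add(port)
            if sev > 0:  # severity 0 is informational, not a finding to dispute
                entry["findings"].append((port, sev, item.get("pluginName", "")))
        hosts[rh.get("name")] = entry
    return hosts


def syn_proxy_suspects(hosts, probed_ports, min_fraction=0.9):
    """Hosts on which nearly every probed TCP port came back open.

    A SYN-proxying firewall answers SYN-ACK for any port it is asked about,
    so the scanner sees everything open; recheck such hosts before accepting
    an 'open port' finding.
    """
    probed = set(probed_ports)
    out = []
    for name, h in hosts.items():
        frac = len(h["open_tcp"] & probed) / len(probed)
        if frac >= min_fraction:
            out.append((name, round(frac, 2)))
    return out


def os_mismatches(hosts, inventory):
    """Scanner OS guess versus the asset inventory ({host: expected OS keyword}).

    A mismatch suggests the scanner fingerprinted an intermediate device
    (for example the firewall) rather than the target host.
    """
    return [
        (name, h["os"], inventory[name])
        for name, h in hosts.items()
        if name in inventory and inventory[name].lower() not in h["os"].lower()
    ]


def severity_disputes(hosts, auditor_ratings):
    """Findings where the auditor's rating ({(host, port): label}) exceeds the report's."""
    rank = {label: num for num, label in SEVERITY_LABELS.items()}
    out = []
    for name, h in hosts.items():
        for port, sev, _ in h["findings"]:
            claimed = auditor_ratings.get((name, port), "").lower()
            if claimed and rank.get(claimed, -1) > sev:
                out.append((name, port, SEVERITY_LABELS[sev], claimed))
    return out


if __name__ == "__main__":
    hosts = parse_report(SAMPLE_REPORT)
    print("SYN-proxy suspects:", syn_proxy_suspects(hosts, PROBED_PORTS))
    print("OS mismatches:", os_mismatches(hosts, {"10.0.0.5": "Windows", "10.0.0.6": "Linux"}))
    print("Severity disputes:", severity_disputes(hosts, {("10.0.0.5", 25): "critical"}))
```

On the constructed report the first host trips all three checks: every probed port reports open, the OS guess names a firewall platform rather than the inventory's Windows entry, and the one real finding carries a vendor severity of "low" while the auditor calls it "critical". Those are exactly the points to raise when contesting the finding, with the report itself as evidence.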