Home page logo

basics logo Security Basics mailing list archives

Re: Nessus Scan
From: levinson_k () securityadmin info
Date: 15 Aug 2007 22:11:12 -0000

Can you not simply contest their finding as being baseless in fact?  It wouldn't be the first time.  Nessus and other 
scanners always find things, especially depending on their configuration, that the auditor needs to know to disregard 
as needed.  Tell them where in the written policy it requires this port to be closed in order to pass.  Ask them on 
what basis they changed the vendor's severity rating from low to critical.

Does their scan perhaps pass through a firewall like Checkpoint that performs TCP SYN proxying in order to defend 
against SYN floods?  Maybe that is part of the problem?  Does the OS detection reported by Nessus match the OS running 
on the target host, or is it detecting the OS running on an intermediate firewall?

kind regards,
Karl Levinson

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]