mailing list archives
[PEN-TEST] NetRecon Assessment Tool
From: Jerry Dixon <jerry () JDIXON COM>
Date: Sat, 2 Sep 2000 13:15:06 -0400
I just finished up running a vulnerability assessment on a Class C using
Netrecon. It gave me several false positives indicating trinoo and mstream
trojans being installed on several boxes. We ended up running NMAP and did
not find the ports that are associated with these trojans to be there. We
also did a manual system integrity check of the servers as well just to
confirm that we were getting false positives.
After going through our manual process of validating that these systems were
not infected we ran the Netrecon scan against the ten identified hosts and
did not find the trojans. So we decided to run the scan against the Class C
again and then got the same false positives.
I would be very curious if others have had this same experience with the
tool when scanning Class C networks versus scanning ten or so boxes at a
The moral of the story is, don't rely on one tool but use many that are
either freely available or commercially to paint the real picture of what
vulnerabilities maybe lurking with in your infrastructure.
Again, I would be interested in heaing some additional feedback. I did
contact Axent's tech support but they we're pretty non-responsive and was
informed we would not hear back until next week.
- [PEN-TEST] NetRecon Assessment Tool Jerry Dixon (Sep 02)