Hi chris,
using a fake ftp server which emulates anonymous ftp and logging all the
requests should do the trick.
ISS, Nessus, and all other scanners use a password for the anonymous login
which is unique.
e.g. Nessus uses "nessus@" as anonymous password, ISS "-iss_at_iss", even old
satan :-) uses "-satan@"
you can identify even webbrowsers and other security tools like amap/nmap
etc.
You can use honeyd (www.honeyd.org) for this.
Greets,
Marc
====================================================================
Marc Heuse
n.runs GmbH
Mobile Phone: +49-160-98925941
Key fingerprint = AE3F CDC0 8C7B 8797 BEAC 4BF8 EC8F E64B 0A84 EA10
====================================================================
-----Original Message-----
From: Chris Griffin [mailto:cgriffin_at_dcmindiana.com]
Sent: 02 August 2004 20:58
To: pen-test_at_securityfocus.com
Subject: nessus exceptions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi list,
Im trying to find some good holes, that aren't major security issues,
that i can create on a machine to see if our testing company really
uses anything other than nessus.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBDo7EeFLbG0PZdVwRAmaSAJ9gHU7w6vbI9DGKWa7xmUQ31qKSBQCgpcpq
cC69CeYr16OsfuYu6u1oe8U=
=bGZi
-----END PGP SIGNATURE-----
Received on Aug 06 2004
Intro
