Security Basics mailing list archives

RE: vulnerabilities from pcap file

From: Sheldon Malm <Sheldon_Malm () rapid7 com>
Date: Mon, 6 Dec 2010 10:46:14 -0500

Another solution by Sourcefire - RNA - provides this kind of capability.  It is commonly referred to in the industry as 
"passive vulnerability scanning".  I would recommend checking out their RNA technology ... you'll be able to combine 
the data from RNA with IDS (assuming you're using Sourcefire), providing some helpful correlation.

While RNA will not provide the more comprehensive, active vulnerability scanning that you get from solutions like 
NeXpose, nessus, etc., it does provide some insight to host-based exposure that is not subject to scan windows, etc.

You may also want to consider a combined approach of active and passive vulnerability scanning.  Along with RNA, you 
can download a copy of NeXpose Community Edition for free from the Rapid7 website to cover the active scanning 
component.



I hope this helps.


Sheldon Malm
Rapid7


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Maverick
Sent: Saturday, December 04, 2010 2:19 AM
To: Srinivas Naik
Cc: security-basics () securityfocus com
Subject: Re: vulnerabilities from pcap file

But snort doesn't detect vulnerabilities on the host it just detects
intrusions so won't work for vulnerabilities detection on hosts.

On Fri, Dec 3, 2010 at 11:07 PM, Srinivas Naik <naik.srinu () gmail com> wrote:

One way is to setup a snort testbed and replay the capture files.

Next Observe the Logs...

Hope this helps you.

Cheers,
Srinivas Naik

On Sat, Dec 4, 2010 at 12:33 AM, Maverick <myeaddress () gmail com> wrote:


Hi All,
Is there any tool that can detect vulnerabilities that exist on hosts
by looking at the pcap captures of their traffic.

Thanks
MAK

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

vulnerabilities from pcap file Maverick (Dec 03)
- Message not available
  - Re: vulnerabilities from pcap file Maverick (Dec 06)
    - RE: vulnerabilities from pcap file Sheldon Malm (Dec 06)
- Re: vulnerabilities from pcap file Todd Haverkos (Dec 06)
  - RE: vulnerabilities from pcap file Josh Siok (Dec 06)
    - Re: vulnerabilities from pcap file Todd Haverkos (Dec 06)
    - Re: vulnerabilities from pcap file Maverick (Dec 07)
    - Re: vulnerabilities from pcap file Erik Waher (Dec 07)