Nope,
I tried to telnet to port 80 and got a connection timeout...
----- Original Message -----
From: "Michael Scheidell" <[EMAIL PROTECTED]>
To: "Trey Keifer" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, March 28, 2002 3:27 PM
Subject: Re: Numerous false positives on HTTP
> > Recently I scanned a Cayman DSL router and was suprised to see numerous
> > warnings in Nessus for cgi scripts that were supposedly accessible. I am
> > wondering how this is possible due to the fact that the router is not
> > running any webserver on it. A port scan revealed that, in fact, port 80
was
> > not even open..
>
> cayman router comes with a web interface installed by default.
> you sure it isn't open?
>
> telnet {ipaddress} 80
>
> and see.
>
>
> >
> > The following were a few of the supposed existant url's...
>
> depends, did it return a valid 404 error? if it did not return a valid 404
> page (ie, it asked for authentication?) you will get false positives.
>
> >
> > guestbook.cgi
> > dvwssr.dll
> > glimpse.cgi
> > guestbook.pl
> > Exair search.asp
> >
> > Any ideas on why these tests succeeded?
> >
> > Thank you,
> > --TK
> >
> >
> >
>
> --
> Michael Scheidell
> SECNAP Network Security, LLC
> (561) 368-9561 [EMAIL PROTECTED]
> http://www.secnap.net/
>
>
