Something just doesn't seem right here.
A review of one of these tests (dvwssr.dll) shows that one
of two things is happening:
a) Nessus is finding a web server on port 80 and getting
a legitimate HTTP response back.
b) Nessus has found a web server on some OTHER port
and found it to be a web server, and tripped these
tests.
Your test results should have shown which port the tests
were positive against. Was it port 80 or some other port?
Right now I am really betting that you do have a web
server responding on the IP you tested. It's virtually
impossible for some of these tests to trip without
there being a webserver in operation...
Thomas
Trey Keifer wrote:
>
> Nope,
> I tried to telnet to port 80 and got a connection timeout...
>
> ----- Original Message -----
> From: "Michael Scheidell" <[EMAIL PROTECTED]>
> To: "Trey Keifer" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, March 28, 2002 3:27 PM
> Subject: Re: Numerous false positives on HTTP
>
> > > Recently I scanned a Cayman DSL router and was surprised to see numerous
> > > warnings in Nessus for cgi scripts that were supposedly accessible. I am
> > > wondering how this is possible due to the fact that the router is not
> > > running any webserver on it. A port scan revealed that, in fact, port 80 was
> > > not even open..
> >
> > cayman router comes with a web interface installed by default.
> > you sure it isn't open?
> >
> > telnet {ipaddress} 80
> >
> > and see.
> >
> >
> > >
> > > The following were a few of the supposed existent URLs...
> >
> > depends, did it return a valid 404 error? if it did not return a valid 404
> > page (i.e., it asked for authentication?) you will get false positives.
> >
> > >
> > > guestbook.cgi
> > > dvwssr.dll
> > > glimpse.cgi
> > > guestbook.pl
> > > Exair search.asp
> > >
> > > Any ideas on why these tests succeeded?
> > >
> > > Thank you,
> > > --TK
> > >
> > >
> > >
> >
> > --
> > Michael Scheidell
> > SECNAP Network Security, LLC
> > (561) 368-9561 [EMAIL PROTECTED]
> > http://www.secnap.net/
> >
> >
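The 404-baseline point raised in the thread (a server that answers every path with an authentication prompt or a catch-all page cannot be used to prove a CGI exists), as an added example that is not part of the original messages or of Nessus: the three server behaviours below are constructed stand-ins, and `http_status` is an assumed helper for checking a live host.

```python
import random
import string
from http.client import HTTPConnection
from typing import Callable, Dict, Iterable

# Probe list taken from the thread ("/search.asp" stands in for "Exair search.asp").
PROBE_PATHS = ["/guestbook.cgi", "/dvwssr.dll", "/glimpse.cgi", "/guestbook.pl", "/search.asp"]
Fetch = Callable[[str], int]  # maps a request path to the HTTP status the server returned

def random_missing_path() -> str:
    """A path that cannot plausibly exist, used to learn how the server says 'not found'."""
    return "/" + "".join(random.choices(string.ascii_lowercase, k=16)) + ".cgi"

def baseline_is_usable(fetch: Fetch) -> bool:
    """A 200 on a probe only means something if a known-missing path yields a real 404."""
    return fetch(random_missing_path()) == 404

def check_cgis(fetch: Fetch, paths: Iterable[str]) -> Dict[str, str]:
    """Classify each probe as present, absent or inconclusive.

    'inconclusive' is what a scanner should report instead of a finding when the
    server answers every path with 401 (auth prompt) or a catch-all 200 page.
    """
    if not baseline_is_usable(fetch):
        return {p: "inconclusive (no valid 404 baseline)" for p in paths}
    return {p: ("present" if fetch(p) == 200 else "absent") for p in paths}

def http_status(host: str, port: int, path: str, timeout: float = 5.0) -> int:
    """Assumed live-check helper: HEAD one path on host:port and return the status."""
    conn = HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().status
    finally:
        conn.close()

# Constructed server behaviours standing in for live hosts (no network needed):
def honest_server(path: str) -> int:    # real file set, proper 404s elsewhere
    return 200 if path in ("/index.html", "/guestbook.cgi") else 404

def auth_everything(path: str) -> int:  # web UI that demands a password for every URL
    return 401

def catch_all_200(path: str) -> int:    # site that serves a friendly 200 page for anything
    return 200

if __name__ == "__main__":
    for name, srv in [("honest", honest_server), ("auth", auth_everything), ("catch-all", catch_all_200)]:
        print(name, check_cgis(srv, PROBE_PATHS))
```

Pass `lambda p: http_status(host, port, p)` as `fetch` to run the same classification against a real host, and check the port the scanner actually reported rather than assuming 80.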