From: [EMAIL PROTECTED]This thread died, I'd like to revive it. What is the difference between "enable all but dangerous" and enabling "safe checks"? Is there any thing in the scripts that will tell me what changes if I enable safe checks for a particular plugin? Currently I use a testbed to determine safety and sometimes I don't have the app availble to test on. This is important when I am doing reactive network testing, like say our IDS is picking up major scans for a particular exploit and I want to do a targeted check of our resources...it would enable a shorter turnaround to be able to look at the script and know the answer.
This begs two related questions:
How can we confidently construct the least vicious, yet most productive
scans ?
Is category helpful in making these determinations ?
e.g., what confidence do we have that ACT_ATTACK and ACT_MIXED_ATTACK
plugins
will not bring down a service or the machine that runs the service being
tested ?
I think a review of the meaning of each category, and how and whom category
is set,
would be most informative.
Knowing that, which clues in the plugin name help us to understand that
certain checks may take a very long time to complete (e.g., those whose name
includes "enumerate" or "brute-force" are likely to take a long time) ?
And, in ref to what Michael has asked: if I'm not sure what the plugin is doing and it is labeled ACT_ATTACK or MIXED, etc. it doesn't really clue me if the attack is dangerous or not, only really tells me that it actually exploits the vuln somehow. Soooo, can we have a comment or some other identifier for the plugins that are *likely* to bring down a service?
A related question, I have convinced my folks to use Nessus and they are confused about duplicate results; in many instances there is a *completely* safe check that relies on a banner grab to identify a vuln and then there is another check that actually executes an exploit to identify it. My assumption was that if I select both and enable safe checks, only the banner grabbing plugin would execute. However, my results seem to indicate that both of them do, giving me the same results twice. When I do these scans I also enable dependencies so I am guessing that "safe checks" don't have any linkage to the dependencies? I am also wondering if it might be useful to do a plugin review for duplicious scripts...
thanks for any input,
~Diana
_________________________________________________________________
Unlimited Internet access -- and 2 months free!� Try MSN. http://resourcecenter.msn.com/access/plans/2monthsfree.asp
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
