Michel,
        Thanks for the feedback. I can't help but wonder if I am
        explaining my question clearly. Let me try again...

        When I disable "dangerous" plugins (either by using the GUI or
        by creating a custom rc file), I'm under the impression that
        Nessus will not do anything to intentionally bring harm to the
        remote host (or services on it). 

        However, I'm starting to see that I can't rely on this approach
        to deliver this since there appear to be plugins that attempt to
        bring down something on the remote host.

        I know I'm starting to sound like a pointy-haired manager when I
        ask if there is a way to do a "non-intrusive" scan, but this is
        what's being asked of me by my manager :(

        Is there a way to exclude ALL plugins that could potentially
        bring down a remote host or a service that is running on it?

        Best,
        Adam


" "Adam Kosmin" <[EMAIL PROTECTED]> writes:
" 
" >     Can someone provide a description of the different plugin
" >     families that are currently being used in 1.2.7
" 
" Although this does not concern Nessus 1.2.7, this may help:
" 
" >     The reason I'm asking for these descriptions is that I need to
" >     understand why some plugins that belong to non 'denial of
" >     service' families appear to crash remote servers/services.
" 
" Because they test buffer overflows or format strings?
" 
" >     An example of this type of behavior would be the Weblogic DoS
" >     plugin which belongs to the "Remote File Access" family.
" 
" An error? Or maybe it allows execution of arbitrary code?
" 
" > This plugin remains enabled when "Enable all but dangerous plugins"
" > is clicked
" 
" 1. When you click this button, plugins are selected according to their
"    _categories_, not _families_.
" 2. This should not happen, as it is marked as "ACT_DENIAL".
" 3. You'd better use "safe checks" rather than "Enable all but dangerous
"    plugins"
" 
" >     However, I'm being stoned by my
" >     management for killing these remote services when I swear to him
" >     that I'm not doing "intrusive" scans.
" 
" There is no such thing as "non intrusive scans".
" Read nessus-core/doc/WARNING.En
" 
" -- 
" mailto:[EMAIL PROTECTED]
" GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
" http://michel.arboi.free.fr/  http://arboi.da.ru/
" FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/

-- 
"Silly hacker, root is for administrators"
        - Unknown

GnuPG Key : 11C2 79F6 BD3D 3A86 5640  3DA0 3860 B30E 711D 3B66
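
Added example, not part of the original thread and not code from the Nessus project: a small audit that reads the script_category, script_family and script_name calls from NASL plugin headers and sorts plugins by category rather than family, which is the distinction made in point 1 of the reply. ACT_DENIAL comes from the thread; the rest of the DISRUPTIVE set, the keyword list used for the "review" verdict, and the sample plugin headers are assumptions constructed for illustration.

```python
import re

# ACT_DENIAL is the category named in the thread; the other two category
# names and the keyword list are assumptions made for this example.
DISRUPTIVE = {"ACT_DENIAL", "ACT_KILL_HOST", "ACT_DESTRUCTIVE_ATTACK"}
RISKY_WORDS = re.compile(r"\b(dos|denial|crash|overflow|format string)\b", re.I)

CATEGORY = re.compile(r"script_category\s*\(\s*(ACT_[A-Z_]+)\s*\)")
FAMILY = re.compile(r'(?:script_family\s*\(\s*(?:english\s*:\s*)?|family\["english"\]\s*=\s*)"([^"]+)"')
NAME = re.compile(r'(?:script_name\s*\(\s*(?:english\s*:\s*)?|name\["english"\]\s*=\s*)"([^"]+)"')

def _first(pattern, text, default="unknown"):
    m = pattern.search(text)
    return m.group(1) if m else default

def classify(nasl_text):
    """Return (name, family, category, verdict) for one plugin source."""
    name = _first(NAME, nasl_text)
    family = _first(FAMILY, nasl_text)
    category = _first(CATEGORY, nasl_text)
    if category in DISRUPTIVE:
        verdict = "exclude"   # filtered by category, whatever the family says
    elif category == "unknown" or RISKY_WORDS.search(name):
        verdict = "review"    # stays enabled, but may still crash a service
    else:
        verdict = "keep"
    return name, family, category, verdict

# Constructed plugin headers (not real Nessus plugins).
SAMPLES = {
    "example_dos.nasl": '''
        name["english"] = "Example app server DoS";
        script_name(english:name["english"]);
        script_category(ACT_DENIAL);
        family["english"] = "Remote file access";
        script_family(english:family["english"]);''',
    "example_banner.nasl": '''
        script_name(english:"Example banner grab");
        script_category(ACT_GATHER_INFO);
        script_family(english:"General");''',
    "example_overflow.nasl": '''
        script_name(english:"Example FTP overflow check");
        script_category(ACT_ATTACK);
        script_family(english:"FTP");''',
}

if __name__ == "__main__":
    for fname, text in SAMPLES.items():
        print(fname, *classify(text), sep=" | ")
```

The "review" verdict is only a keyword heuristic for plugins that stay enabled after category filtering; it does not prove a plugin is safe or unsafe.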
