On Tue, Mar 04, 2003 at 03:38:27PM -0500, Michael Scheidell wrote:
> Also, I find this amusing, not for its humor value, but it tells us
> that they had unknown/undocumented vulnerabilities in several servers.
>
> Nessus gets our vote for "Most Unsafe Program to Have on Your Network." We
> not only crashed servers and clients consistently with Nessus; we even
> confused our GPS-based NTP server enough that it had to be re-FLASHed with
> new firmware.
Other amusing quotes:
* "eEye's Retina allows you to scan a host even if it doesn't respond to
ping packets."
-> Nice. Nessus does that too, but the tone implies it's not the case
* "SAINT generally did an excellent job, even finding some services that
the others missed (for example, an SMTP server hidden on port 2525)."
-> The guy is actually talking about an open port. Had he set the port
range of Nessus to be 1-65535, he would have found everything. However
apparently the author sticked to the default value of 1-1024, so
obviously port 2525 was not "found". Gee. In other news, when NOT
launching Nessus, NO vulnerabilities are found at all !
-- Renaud
