Wow. Nice response! Maybe my posting should be considered a "dangerous plugin" :-)
I was not suggesting there are better ways to identify Bagle. Merely that we need to be aware that it might be taken advantage of by the blackhats, and we need to be aware/be careful of this.

>I do not use Nessus to find a virus, but I would damn Nessus if it told
>me nothing about a particular open port. I use NMAP to find open ports,
>I use Nessus to tell me about what's listening and whether or not there
>are problems.

>Nessus scans services for vulnerabilities. It is more than an open-port
>scanner. It is more than a service-detection scanner. It sticks its
>finger in HTTPD's eye to see if you get root when it winces. It is
>indeed part of a toolkit but I am not clear that you understand its
>role.

I was not suggesting Nessus is simply an open port scanner. However, HTTPD is a legitimate service. Bagle is not.

>Your pontificating on what-if scenarios contemplate emasculating Nessus.
>The what-ifs are dealt with when they occur, thanks to the hard work of
>M. Deraison and all the others I can't name off the top of my head. If
>you don't like the scan, don't run it; but until there is a detection
>for bagle that does not cause bagle to shut down this is what we have.

And it is fine to use it. I believe Renaud very early in this thread said it would be put in the "dangerous" class of plugins. I will probably enable it myself.

I believe where you and I differ is that I prefer cleaner delineations between my tools. And when I choose to enable something dangerous, I do it intentionally (like using active response in an IDS or firewall). I believe Nessus should continue to "poke in the eye" services to see what breaks. I simply do not believe this should (always) extend to malware.

Consider if you already had high confidence that Bagle were present through some other plugin. Should you *then* add to this plugin to send the "disable" signal?

Jim
