On Sat, Jul 03, 2004 at 12:13:27AM -0700, Jay Jacobson wrote:
> Just out of curiosity, what is the criteria that makes a script flagged
> as experimental? Also, what is the process for an experimental script to
> become stable?
If a script generates false positives or alerts the average user does not
understand, it's marked as being experimental.
A good example is www_fingerprinting_hmap.nasl which attempts to do web
fingerprinting (which is quite a new field in itself). When it issues
that the remote web server is flagged as Apache/1.3.29 whereas it
actually is Apache/1.3.30, many people complain about this blatant
"false positive" which makes them "look bad" to the admins when they
proudly tell them that they modified the banners to hide the fact they
are still running 1.3.29.
Once we're happy with the verbosity and noisiness of such plugins,
they'll be put back in the non-experimental plugins.
> > rh_inetd.nasl launches very slow tests if "Thorough tests" is on.
>
>
> I am familiar with rh_inetd.nasl taking a long time to fully run. However,
> I think calling the option "thorough tests" may be misleading. Instead,
> maybe this option should be called "Long-Running Tests" or something like
> that.
I wanted to label it as being "slow" tests, however we have some plugins
(i.e. fuzzers) that are waiting to be committed and fit the thorough
category more.
> Along those same lines, may I recommend that we also include plugin #10927
> (blackice_dos.nasl) in this category of long-running scripts. I have
> frequently witnessed this plugin taking a very long time to run (relative
> to all the other plugins), not to mention the relatively huge amount of
> bandwidth this plugin consumes.
Done, thanks!
> > "Report verbosity" is not used yet but some people complained that
> > there is too much information in their reports. "Quiet" should fix
> > this, when it is used.
>
>
> Sounds good. This option currently has three possible states: verbose,
> normal, and quiet. I understand "quiet" based on your reply, and I
> understand "normal" would be the same quantity of report information
> provided today. However, what additional report information might the
> "verbose" setting provide?
It would provide messages such as "Could not log into the remote Windows
box - can't say if patch KB1234 is installed or not".
> If the report verbosity option is not currently in use in any of the
> plugins and only two verbosity states are clearly understood, maybe this
> option should only have two states: normal and quiet.
"quiet" will be used for plugins such as the fingerprinting plugins to
not display the OS signature in the report for people who don't care
about them. So we really need three levels.
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus