On Thu, Jun 30, 2005 at 06:53:00PM +0100, João Vilela wrote: > I would like to know if the ssh related options in the .nessusrc config > file are only used for local security checks or if they are also used by > other plugins.
As far as I know, they're only used for local checks currently. > I would also like to know what kind of interference do the several > protocols (e.g. http, nntp, imap, etc) user and password definitions > have on the scanning results. I've checked the "nessus network auditing" > book and from there I could understand the influence of the smb related > fields. What about those other? Are they very important? What kind of > things is Nessus supposed to catch by the use of them? Authentication credentials are sometimes required to determine the version of the installed software and/or actually exploit a flaw. Thus, Nessus won't be able to determine if you're vulnerable to certain flaws if you don't provide valid credentials. As for their importance, it's impossible to provide a general answer; some, though, do involve remote code execution in highly popular products. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
