Hmmm... I don't see how this is a security problem. Consider:
As you mentioned, with a personal firewall enabled in Windows (the default now) you will get a false negative. Any scanning for such connections will be inherently weak since you are depending on the remote host to tell you if it has a connection or not. The best way to look for this is unfortunately a bit harder. It requires that you regularly check your site for other network connections. Yes, you need to check for rogue modems (your phone provider should be able to help you with this). But it is even harder now with the availability of cheap wireless. How easy would it be for someone who wanted to to add a wireless NIC to their machine and bridge out to an external WLAN? You need to be very diligent if you have a site where you need to protect all connections to the LAN and do not trust your users. A good strategy is to treat all systems with critical data as if they were on an untrusted network. That is, harden them, monitor them (with "personal firewalls", local log monitoring, IDSs, etc.) and treat all network connections (to and from them) with care. Use authentication, encryption and audit methods wherever possible, restrict connections by IP, etc. You should probably be segmenting such data/systems with firewalled internal LAN segments so that you have good physical control over the network that has access to these machines, etc. This is simply good defense in depth. Please continue to use nessus, but realize its weaknesses (as you should every tool or technique in your kit!) Later, Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, July 05, 2005 2:14 AM To: [email protected] Subject: plugin for linux Hi, For Windows there is a plugin 10736: "Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries". In Linux can I have a plugins like this? I want know, in my LAN, who have another connection to internet (example with MODEM) or with another LAN that i cannot audit with my Firewall. In window if there isn't a personal firewall on the remote host i can ceck this with plugin 10736, but for linux nothing! This is a really security hole! Thanks. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
