On Fri, Nov 03, 2006 at 10:28:44AM -0500, Jason Leuenberger wrote: > Just finished an internal scan, and Nessus ID 11157 fired quite a bit. I > understand that this can indeed be a false positive....but it probably > went off on 40-50% of all internal hosts.
That plugin fires if any of a select number of ports is simply open and is not running a known service. Thus, it might be a trojan or it could just as easily be a valid service that we don't (yet) know how to identify. Is there a banner reported on any of the affected hosts? Is it the same port on each host? George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
