Is there a plugin anyone has created that will send an alert if the Symantec version is not the latest one? There are some serious vulnerabilities in the earlier versions; however, the only plugin I see simply checks to see if a password vulnerability exists that was in versions prior to 5.x.

Thanks,
Daryl

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, January 30, 2007 12:00 PM
To: [email protected]
Subject: Nessus Digest, Vol 39, Issue 24

Send Nessus mailing list submissions to
[email protected]

To subscribe or unsubscribe via the World Wide Web, visit
http://mail.nessus.org/mailman/listinfo/nessus
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific than "Re: Contents of Nessus digest..."

Today's Topics:

1. Nessus and Windows XP,Internet Explorer and Firefox (Michele Costantino)
2. Local Administrator vs. Local Account with Administrative Privileges (Beau Nuanes)
3. Error with internet explorer... (Michele Costantino)
4. Source Code of Plugins (Michael Wisniewski)
5. Re: Source Code of Plugins (Doug Nordwall)
6. RE: Error with internet explorer... (John Scherff)
7. Re: Source Code of Plugins (Renaud Deraison)
8. altering nessus knowledge base files (Sk8board Kid)
9. Scanning external-lan computer, no results? (Michele Costantino)
10. Re: altering nessus knowledge base files (Doug Nordwall)
11. Re: Scanning external-lan computer, no results? (Doug Nordwall)
12. Re: Scanning external-lan computer, no results? (Richard Moore)
13. Re: Scanning external-lan computer, no results? (Doug Nordwall)
14. Re: Scanning external-lan computer, no results? (Javier Fernández-Sanguino)
15. Re: Scanning external-lan computer, no results?
(Doug Nordwall)

----------------------------------------------------------------------

Message: 1
Date: Mon, 29 Jan 2007 21:54:03 +0100
From: "Michele Costantino" <[EMAIL PROTECTED]>
Subject: Nessus and Windows XP,Internet Explorer and Firefox
To: <[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

Since the latest Nessus release won't work with Internet Explorer 7 (and 6 with all the patches), I decided to install Firefox and set it as the default browser in Windows XP. It doesn't work with Firefox either! I get this message once fired up:

Script Error
Line: 32
Character: 4
Error: Method or property not supported by the object
Bla bla bla

(It's a translation... I get the message in Italian and not in English.) Sorry for my bad English!!!

Any way of making Nessus work in Windows XP?

------------------------------

Message: 2
Date: Mon, 29 Jan 2007 17:02:42 -0700
From: "Beau Nuanes" <[EMAIL PROTECTED]>
Subject: Local Administrator vs. Local Account with Administrative Privileges
To: Nessus <[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

Hello,

I have been scanning 2 Windows 2000 hosts in a test environment recently and noticed that when I supply credentials for the local "Administrator" account I get very limited results (known holes that are on the machine do not show up on the report for the scan). However, if I then create a user on the machines with administrative privileges (i.e. in the administrator group) and use those credentials, I get the expected results from the scan. Is it not possible to actually use the local "Administrator" account with Nessus?

Thanks in advance for the help.

Beau Nuanes

------------------------------

Message: 3
Date: Mon, 29 Jan 2007 14:42:25 +0100 (CET)
From: "Michele Costantino" <[EMAIL PROTECTED]>
Subject: Error with internet explorer...
To: [email protected]
Cc: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain;charset=iso-8859-1

I've downloaded and installed nessus on Windows XP. I get the below error with Internet Explorer, so I changed the default browser to Firefox, but the error persists.

Line:152
Char:5
Error: Automation server can't create object
Code:0
URL: res://C:\Program Files\Tenable\Nessus\HTML.dll/scantarget.htm

Any suggestion?

------------------------------

Message: 4
Date: Mon, 29 Jan 2007 10:58:33 -0600
From: "Michael Wisniewski" <[EMAIL PROTECTED]>
Subject: Source Code of Plugins
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi!

Just wondering if anybody knows what happened to the source code of the plugins on the nessus site. You used to be able to view all the non-direct feed source code, and now it doesn't seem like you are able to. Did I miss something?

Thanks,
Mike

------------------------------

Message: 5
Date: Mon, 29 Jan 2007 20:02:25 -0500
From: "Doug Nordwall" <[EMAIL PROTECTED]>
Subject: Re: Source Code of Plugins
To: "Michael Wisniewski" <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Not sure. I noticed the other day the URL changed. Perhaps a migration to a new format to make sure the code only goes to those who actually download it?

On 1/29/07, Michael Wisniewski <[EMAIL PROTECTED]> wrote:
>
> Hi!
>
> Just wondering if anybody knows what happened to the source code of
> the plugins on the nessus site. You used to be able to view all the
> non-direct feed source code, and now it doesn't seem like you are able to.
> Did I miss something?
>
>
> Thanks,
> Mike
>

--
Doug Nordwall
Unix, Network, and Security Administrator

Noise proves nothing. Often a hen who has merely laid an egg cackles as if she laid an asteroid.
-- Mark Twain

------------------------------

Message: 6
Date: Mon, 29 Jan 2007 19:49:30 -0800
From: "John Scherff" <[EMAIL PROTECTED]>
Subject: RE: Error with internet explorer...
To: <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

Why would anybody do this? Why aren't you using NessusGUI.exe?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michele Costantino
Sent: Monday, January 29, 2007 5:42 AM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: Error with internet explorer...

I've downloaded and installed nessus on Windows XP. I get the below error with Internet Explorer, so I changed the default browser to Firefox, but the error persists.

Line:152
Char:5
Error: Automation server can't create object
Code:0
URL: res://C:\Program Files\Tenable\Nessus\HTML.dll/scantarget.htm

Any suggestion?

------------------------------

Message: 7
Date: Tue, 30 Jan 2007 09:15:07 +0100
From: Renaud Deraison <[EMAIL PROTECTED]>
Subject: Re: Source Code of Plugins
To: Michael Wisniewski <[EMAIL PROTECTED]>, Nessus List <[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

On Jan 29, 2007, at 5:58 PM, Michael Wisniewski wrote:

> Hi!
>
> Just wondering if anybody knows what happened to the source
> code of the plugins on the nessus site. You used to be able to view
> all the non-direct feed source code, and now it doesn't seem like
> you are able to. Did I miss something?

www.nessus.org is currently running on our replicated server while the main box is being moved. The replicated system is almost as functional as the main site, except for the source code of the plugins (and bugs.nessus.org and cgi.nessus.org are down).

Hopefully, everything will be back to normal next Thursday.

Sorry for the inconvenience,

-- Renaud

------------------------------

Message: 8
Date: Tue, 30 Jan 2007 10:40:59 +0000
From: "Sk8board Kid" <[EMAIL PROTECTED]>
Subject: altering nessus knowledge base files
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I would like to launch nessus from the command line using my nessus server on 127.0.0.1 in Linux but would like it to skip the portscanning and use a list of ports that I specify instead.

I thought I could create a kb in
/opt/nessus/var/nessus/users/nessus/kbs/127/0/0/127.0.0.1

with the following content:

1170151262 3 Launched/10180=1
1170151262 3 Launched/10335=1
1170151262 3 Ports/tcp/80=1
1170151262 3 Ports/tcp/443=1
1170151262 3 Host/scanned=1
1170151262 3 Host/scanners/nessus_tcp_scanner=1

drwx------ 2 root root 4096 Jan 30 10:23 .
drwx------ 3 root root 4096 Jan 29 15:04 ..
-rw-r----- 1 root root 193 Jan 30 10:21 127.0.0.1

Although the scan seems to work as expected, the kbs file is not updated with the scan's results.

If I remove the file, nessus runs from scratch, saving its kb with all the info.

Is there another way to get the desired effect?

Thanks

------------------------------

Message: 9
Date: Tue, 30 Jan 2007 13:07:08 +0100
From: "Michele Costantino" <[EMAIL PROTECTED]>
Subject: Scanning external-lan computer, no results?
To: <[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

I've tried a lot of "internet connected" computers (even another PC connected via modem to the internet), but after some seconds, I get the classic "no vulnerabilities found"; instead, if I scan a local PC (via LAN) it takes some time, and I get the correct report.
Any info on why I cannot scan other computers?

Sorry for my English!

PS:
For the question about Internet Explorer, I've found a solution:
regsvr32 scan.dll
And the error has gone away!

------------------------------

Message: 10
Date: Tue, 30 Jan 2007 07:58:20 -0500
From: "Doug Nordwall" <[EMAIL PROTECTED]>
Subject: Re: altering nessus knowledge base files
To: "Sk8board Kid" <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Check out the .nessusrc file. That has a setting for deciding which ports to scan. The option you are looking for is called "port_range", which can look like "default" or "1-65535" or "22-25,80,443" and all points in between.

On 1/30/07, Sk8board Kid <[EMAIL PROTECTED]> wrote:
>
> I would like to launch nessus from the command line using my nessus
> server on 127.0.0.1 in Linux but would like it to skip the
> portscanning and use a list of ports that I specify instead.
>
> I thought I could create a kb in
> /opt/nessus/var/nessus/users/nessus/kbs/127/0/0/127.0.0.1
>
> with the following content:
>
> 1170151262 3 Launched/10180=1
> 1170151262 3 Launched/10335=1
> 1170151262 3 Ports/tcp/80=1
> 1170151262 3 Ports/tcp/443=1
> 1170151262 3 Host/scanned=1
> 1170151262 3 Host/scanners/nessus_tcp_scanner=1
>
> drwx------ 2 root root 4096 Jan 30 10:23 .
> drwx------ 3 root root 4096 Jan 29 15:04 ..
> -rw-r----- 1 root root 193 Jan 30 10:21 127.0.0.1
>
> Although the scan seems to work as expected, the kbs file is not
> updated with the scan's results.
>
> If I remove the file, nessus runs from scratch, saving its kb with all the
> info.
>
> Is there another way to get the desired effect?
>
> Thanks
>

--
Doug Nordwall
Unix, Network, and Security Administrator

Noise proves nothing. Often a hen who has merely laid an egg cackles as if she laid an asteroid.
-- Mark Twain

------------------------------

Message: 11
Date: Tue, 30 Jan 2007 08:04:39 -0500
From: "Doug Nordwall" <[EMAIL PROTECTED]>
Subject: Re: Scanning external-lan computer, no results?
To: "Michele Costantino" <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

This is because most computers on the internet are protected in some fashion. Many of them have a firewall in front of them. This will cause your scan to come back with few or no results.

It is generally considered impolite at the very least to scan someone else's computer. Most places will consider it an attack. Some will even prosecute.
In some rare cases, it can cause actual harm, including loss of power, destruction of property, and (one would hope not, but you never know) loss of life. I have personally flooded (with water) a building with a nessus scan, and that was against computers I was authorized to scan.

It is extremely important to only run nessus scans against computers you are authorized to do so.

I would check out some of the documentation available at http://www.nessus.org/documentation/ particularly the Introduction to nessus listed on that page.

On 1/30/07, Michele Costantino <[EMAIL PROTECTED]> wrote:
>
> I've tried a lot of "internet connected" computers (even another PC
> connected
> via modem to the internet), but after some seconds, I get the classic "no
> vulnerabilities found"; instead, if I scan a local PC (via LAN) it takes
> some
> time, and I get the correct report.
> Any info on why I cannot scan other computers?
>
> Sorry for my English!
>
>
>
> PS:
> For the question about Internet Explorer, I've found a solution:
> regsvr32 scan.dll
> And the error has gone away!
>

--
Doug Nordwall
Unix, Network, and Security Administrator

Noise proves nothing. Often a hen who has merely laid an egg cackles as if she laid an asteroid.
-- Mark Twain

------------------------------

Message: 12
Date: Tue, 30 Jan 2007 14:33:54 +0000
From: Richard Moore <[EMAIL PROTECTED]>
Subject: Re: Scanning external-lan computer, no results?
To: Doug Nordwall <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Doug Nordwall wrote:
> I have personally flooded (with water) a building with a nessus
> scan, and that was against computers I was authorized to scan.

I have to ask, how did you manage that? It sounds like there's a story behind it...

Cheers

Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031

------------------------------

Message: 13
Date: Tue, 30 Jan 2007 09:37:23 -0500
From: "Doug Nordwall" <[EMAIL PROTECTED]>
Subject: Re: Scanning external-lan computer, no results?
To: "Richard Moore" <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

I was waiting for that.

Short of it was, I had permission to scan behind firewalls and these were very sensitive controllers that go TU when they get scanned. Hit the one on a boiler, it overflowed, flooded (like, a few inches) a building.

On 1/30/07, Richard Moore <[EMAIL PROTECTED]> wrote:
>
>
> Doug Nordwall wrote:
> > I have personally flooded (with water) a building with a nessus
> > scan, and that was against computers I was authorized to scan.
>
> I have to ask, how did you manage that? It sounds like there's
> a story behind it...
>
> Cheers
>
> Rich.
> --
> Richard Moore, Principal Software Engineer,
> Westpoint Ltd,
> Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
> Tel: +44 161 237 1028
> Fax: +44 161 237 1031
>

--
Doug Nordwall
Unix, Network, and Security Administrator

Noise proves nothing. Often a hen who has merely laid an egg cackles as if she laid an asteroid.
-- Mark Twain

------------------------------

Message: 14
Date: Tue, 30 Jan 2007 17:16:02 +0100
From: Javier Fernández-Sanguino <[EMAIL PROTECTED]>
Subject: Re: Scanning external-lan computer, no results?
To: Doug Nordwall <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Doug Nordwall wrote:
> I was waiting for that.
>
> Short of it was, I had permission to scan behind firewalls and these
> were very sensitive controllers that go TU when they get scanned. Hit
> the one on a boiler, it overflowed, flooded (like, a few inches) a
> building.

A new (funny) version of the "printer keeps printing garbage after a Nessus scan" problem. Indeed!

Javier

------------------------------

Message: 15
Date: Tue, 30 Jan 2007 11:47:37 -0500
From: "Doug Nordwall" <[EMAIL PROTECTED]>
Subject: Re: Scanning external-lan computer, no results?
To: "Javier Fernández-Sanguino" <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Well, I had a sort of "oh [EMAIL PROTECTED]" moment, then I started laughing. This was in the same week that a scan took down their PeopleSoft servers (don't scan those!!!! we see why.... people patch already!!!) and a lot of other devices that really should have been better protected. Needless to say, this illustrated a need to remove these machines from the network.

Short of it though was that I wanted to illustrate how you should not be randomly scanning boxes ever, because they could come after you with very high powered lawyers and police and the like, for really good reasons, and not just "you scanned us".

On 1/30/07, Javier Fernández-Sanguino <[EMAIL PROTECTED]> wrote:
>
> Doug Nordwall wrote:
> > I was waiting for that.
> >
> > Short of it was, I had permission to scan behind firewalls and these
> > were very sensitive controllers that go TU when they get scanned. Hit
> > the one on a boiler, it overflowed, flooded (like, a few inches) a
> > building.
>
> A new (funny) version of the "printer keeps printing garbage after a
> Nessus scan" problem. Indeed!
>
> Javier
>

--
Doug Nordwall
Unix, Network, and Security Administrator

Noise proves nothing. Often a hen who has merely laid an egg cackles as if she laid an asteroid.
-- Mark Twain

------------------------------

End of Nessus Digest, Vol 39, Issue 24
**************************************
