On Jun 15, 2008, at 3:44 PM, David Liss wrote: > Related to this, "Denial of Service" plugins are checked (enabled) > by default, even though the installation guide advises against these > checks on production machines.
Nessus has a plugin family named "Denial of Service", which covers denial of service vulnerabilities, and a plugin "category" named ACT_DENIAL, which is for plugins that might crash a host or service. The plugin family is what you see in a client's list of plugins (with NessusClient at least) while the documentation refers to dangerous plugins such as those in the ACT_DENIAL category. The two do not necessarily intersect. Indeed, we can often test for a denial of service vulnerability using a version number, perhaps from a registry or a banner. And while we don't tend to write dangerous plugins any more, many older plugins check for things like buffer overflows or format string vulnerabilities by simply trying to crash the affected service, which would cause it to be placed in the ACT_DENIAL category. Does that help? George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
