Re: Product Review - CORE Impact (I said something wrong about Nessus)

From: Kurt Seifried (bt@seifried.org)
Date: Wed Jul 09 2003 - 18:17:24 EDT


>On Tue, Jul 08, 2003 at 11:38:58PM -0700, Kurt Seifried wrote:
>> typically are just banner harvesting tools (i.e. Nessus) and not actually
>> "exploit the service, and run shell code on the remote end".
>
>I won't reply to the list, but this is a gross mis-statement.
>
>-- Renaud

I have to agree and I apologize, it was late and I couldn't think of another
example quickly. The basic issue however remains that the majority of pen
testing tools do not actually break into the server, they typically harvest
a banner ("Sendmail 8.foo, you got bugs!") which can cause them to spew if
you're like me and have Bind report binary junk data to version requests
(which causes a lot of pen testing tools to choke) or they execute part of
the attack (i.e. cause an error message, whatever). Nessus does have the
denial of service tests, however last I checked none of the tests will
actually give you a remote shell (although they could be modified
to do so but then you're back to basically writing all your exploits from
scratch).

The ability for Core IMPACT to actually break into something is a critical
distinction: once I break into a DMZ system or a firewall for example you
can typically rampage through the network, or exploit trust relationships,
not something most pen testing tools allow.

I think the problem is most of us tend to lump "security scanners" in with
"pen testing tools" when they are in fact apples and oranges.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, and
distributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT