From: hellNbak (hellnbak@nmrc.org)
Date: Tue Aug 03 2004 - 15:11:30 EDT
Would it not be much easier to capture the traffic and compare it to known
(generated in a controlled environment) Nessus scanning traffic? There
will be signatures and it should be easy to spot.
You could even take this one step further and check if your favorite NIDS
will recognize the standard signatures generated by a Nessus scan as well
as other tools. This would allow you to passively log the traffic and
allow the IDS rules to identify what has been pointed at your systems.
Personally, I like the first option as it removes the potential for silly
errors on an automated systems part.
On Mon, 2 Aug 2004, Chris Griffin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi list,
> Im trying to find some good holes, that aren't major security issues,
> that i can create on a machine to see if our testing company really
> uses anything other than nessus.
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBDo7EeFLbG0PZdVwRAmaSAJ9gHU7w6vbI9DGKWa7xmUQ31qKSBQCgpcpq
> cC69CeYr16OsfuYu6u1oe8U=
> =bGZi
> -----END PGP SIGNATURE-----
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT