RE: GFI False Positives

From: Chris Serafin (chris@chrisserafin.com)
Date: Tue Jan 03 2006 - 23:55:08 EST

• Next message: Maxime Ducharme: "Re: MyDoom"
• Previous message: Pete Herzog: "Re: Difficulties in Network Mapping & port scanning"
• In reply to: Mohamed Abdel Kader: "GFI False Positives"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I haven't had those issues, but I do know that GFI LanGuard very often
reports that the administrator account does not have a password.

Reports of Trojan activity, only when we are using a weird port # that a
Trojan uses.

Chris Serafin
IT Security / Voice Engineer
chris@chrisserafin.com

-----Original Message-----
From: Mohamed Abdel Kader [mailto:mak.pen@gmail.com]
Sent: Tuesday, January 03, 2006 1:53 AM
To: pen-test@securityfocus.com
Subject: GFI False Positives

Hello all,

I have been using GFI for some time now and most of the results turn out to
be false positives.

Typically the RPC.ypasswdd and recently reporting my doom port (3127) as
open whilst its not.

Any one experiencing the same problems?

----------------------------------------------------------------------------

--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Maxime Ducharme: "Re: MyDoom"
• Previous message: Pete Herzog: "Re: Difficulties in Network Mapping & port scanning"
• In reply to: Mohamed Abdel Kader: "GFI False Positives"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:18 EDT