Both clients are using NTP 1.2 and I've set all the preferences in ScanLite that seem to be relevent (based on the export of my Windows session), but still getting different results when I run the scan (ID:16193) with ScanLite (does not find a hole). The log from the ScanLite scan is longer since log_whole_attack = yes is set. Do you know where in the Windows and/or Linux gui client I can set log_whole_attack=yes/no?
On 03/16/07 14:51, Steve Reagan wrote:
> Is
> there a way that I can tell what NTP version my other clients
> (Unix/Windows) are using (the docs say ScanLite defaults to v1.2)?
Unless you're talking about an older client (I'm not sure, but probably
before 2003), it's almost certainly using NTP 1.2.
In practice, you can verify this by looking in the nessusd.messages
logfile on your server for lines like:
[Wed Mar 14 04:25:20 2007][14542] Client requested protocol version 12.
A version of "12" indicates NTP 1.2, "11" is 1.1, and "10" is 1.0.
George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus