Nessus

Re: how to run attacks using nessus

To: "Ron Gula" <rgula@tenablesecurity.com>
Subject: Re: how to run attacks using nessus
From: Girish <girishramgopal@gmail.com>
Date: Wed, 9 May 2007 21:08:05 +0530
Cc: nessus@list.nessus.org
Thanks a lot for the help.

Regards,
Girish
 
On 5/9/07, Ron Gula <rgula@tenablesecurity.com> wrote:
Girish wrote:
> Hello Ron,
>
> That was an excellent link.
> Please tell me one more thing: if I have to scan all the protocols over
> TCP of a host behind the firewall from the external world, should I have a
> policy for allowing all TCP traffic in my firewall?
> I hope I am correct. Please correct me if I am wrong. I can proceed soon.
>

Typically, you should perform a full scan from outside your firewall to
an internal system and analyze the results. Performing a full port scan
should find allowed access to the internal systems.

Although out of scope for this mailing list, things you should consider:

- the firewall might allow access to a port closed on your target host.
If this is against policy, you might not find this with a basic scan.

- you should audit what is logged by the firewall. If your policy is to
log all blocked connections, you should see logs for your scan.

- don't forget to consider filtering that may be in place by the host, a
network device and the firewall.

Ron
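
Added example, not part of the original thread: one way to carry out the audit Ron describes, by reconciling what an external scan saw with what the firewall logged as blocked. The log lines, the `FW-DROP` log prefix, the addresses and the port/state scan result are all constructed assumptions, not Nessus output.

```python
import re

# Constructed sample: netfilter LOG-style lines; the "FW-DROP" prefix is an assumed local setting.
FW_LOG = """\
May  9 15:01:02 fw kernel: FW-DROP IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40112 DPT=23 SYN
May  9 15:01:02 fw kernel: FW-DROP IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40113 DPT=135 SYN
May  9 15:01:03 fw kernel: FW-DROP IN=eth0 OUT=eth1 SRC=203.0.113.50 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51000 DPT=445 SYN
"""

# Constructed external scan result for 192.0.2.10: port -> state seen by the scanner.
SCAN = {22: "open", 23: "filtered", 135: "filtered", 445: "filtered", 8080: "closed"}

LINE = re.compile(r"FW-DROP .*?SRC=(\S+) DST=(\S+) .*?PROTO=TCP .*?DPT=(\d+)")

def logged_drops(log_text, scanner_ip, target_ip):
    """Destination ports the firewall logged as blocked for this scanner/target pair."""
    ports = set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and m.group(1) == scanner_ip and m.group(2) == target_ip:
            ports.add(int(m.group(3)))
    return ports

def reconcile(scan, log_text, scanner_ip, target_ip):
    """Sort each scanned port into a finding by combining scan state and firewall log."""
    drops = logged_drops(log_text, scanner_ip, target_ip)
    report = {"allowed_open": [], "allowed_but_closed_on_host": [],
              "blocked_and_logged": [], "no_reply_and_no_log": []}
    for port, state in sorted(scan.items()):
        if port in drops:
            report["blocked_and_logged"].append(port)
        elif state == "open":
            report["allowed_open"].append(port)
        elif state == "closed":
            # A reset came back and no drop was logged: the firewall most likely
            # passed traffic to a port nothing listens on (review against policy).
            report["allowed_but_closed_on_host"].append(port)
        else:
            # Silence without a firewall log entry: a logging gap, or filtering
            # by the host or another network device.
            report["no_reply_and_no_log"].append(port)
    return report

if __name__ == "__main__":
    for finding, ports in reconcile(SCAN, FW_LOG, "198.51.100.7", "192.0.2.10").items():
        print(f"{finding}: {ports}")
```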

