List:       nessus
Subject:    Re: New vulnerability test: Domino servers
From:       Javier Fernandez-Sanguino Peña <jfernandez () sgi ! es>
Date:       2001-02-28 14:29:20

Michel Arboi wrote:
> 
> Javier Fernandez-Sanguino Peña <jfernandez@sgi.es> writes:
> 
> > I do not like this kind of feature on by default. I would suggest that
> > nessus did, by default, only the tests associated with a given server type
> > (Apache, IIS, Domino, NES...) when it finds out the server's name
> > and version.
> 
> Why not?

	Too much work wasted for no use. It's no use looking for Domino databases in an
Apache server, for example. It's a waste of bandwidth, a waste of time and makes
the nessus fingerprint when attacking web servers simple to detect (since it will try,
blindly, things that are known not to work on the server audited).

> 
> > You might say, ok, this will not work if the administrators have obfuscated the
> > server version (security through obscurity).
> 
> Nessus already has the "optimize test" feature which can be disabled.
> However, I see a couple of problems:
> - identifying the remote web server is not that easy.
> - attacks that are known to work against a type of web server may be
>   efficient against another, and this is not always written in the
>   vulnerability archives.
> 

On the first issue, 90% of web servers have the Server: header enabled. Netcraft
surveys use this so, until this changes and Netcraft surveys show this decrease,
I guess nessus can use it too for its own purposes :)

	Regarding the second issue I say we should identify the plugins and not make
them depend on the server type and version. My guess is that there are not
really that many plugins that are server-independent.

	Javi
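
The selection policy debated in this thread, as an added example that is not part of the original message and is not Nessus code: tests are gated on the Server: header, server-independent tests always run, and a missing or unrecognised banner falls back to running everything. The plugin names, family table and sample responses are hypothetical and constructed for illustration.

```python
import re

# Hypothetical plugin catalogue (constructed): name -> server families it targets.
# An empty set marks a server-independent test that always runs.
PLUGINS = {
    "domino_db_enum": {"domino"},
    "iis_sample_scripts": {"iis"},
    "apache_mod_status": {"apache"},
    "http_trace_enabled": set(),
    "cgi_generic_check": set(),
}

# Product token at the start of the Server: value -> family (assumed mapping).
FAMILIES = [
    (re.compile(r"^apache\b", re.I), "apache"),
    (re.compile(r"^microsoft-iis\b", re.I), "iis"),
    (re.compile(r"^lotus-domino\b", re.I), "domino"),
    (re.compile(r"^netscape-enterprise\b", re.I), "nes"),
]


def server_family(raw_headers):
    """Return the family named by the Server: header, or None if absent or unrecognised."""
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            for pattern, family in FAMILIES:
                if pattern.match(value.strip()):
                    return family
            return None  # banner present but obfuscated or unknown
    return None


def select_plugins(raw_headers, optimize=True):
    """Pick the plugins to run; with optimize off or no usable banner, run them all."""
    family = server_family(raw_headers) if optimize else None
    if family is None:
        return sorted(PLUGINS)
    return sorted(n for n, fams in PLUGINS.items() if not fams or family in fams)


# Constructed sample responses.
APACHE = "HTTP/1.0 200 OK\r\nServer: Apache/1.3.17 (Unix)\r\nContent-Type: text/html\r\n\r\n"
HIDDEN = "HTTP/1.0 200 OK\r\nServer: WebServer\r\n\r\n"
```

With the Apache sample only the Apache test and the two server-independent tests are selected; the obfuscated banner selects all five, which keeps coverage at the cost of the extra traffic discussed above.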
