Re: nessus report
- From: Paul Schmehl <pauls@xxxxxxxxxxxx>
- Date: Sat, 20 Dec 2008 16:52:21 -0600
--On December 19, 2008 11:32:51 PM -0600 Richard Yang <kusanagiyang@xxxxxxxxx> wrote:
hi,
when i ran nessus against my bsd box, nessus can detect "the remote host
is
up".
i don't understand how nessus can detect it...
does anyone know how it is done?
thanx
There are several ways to detect if a host is up. Responses to icmp packets is one. Almost all hosts will respond to pings unless they're prevented by a firewall.
Another way is the type of response to a probe of a port. Sometimes services will respond differently if they're firewalled than if they're not listening on a particular port. Also, very few computers have no ports at all listening. For example, most unix boxes will be running syslogd and listening on port udp/514. That is the default for that daemon. Unless you reconfigured syslogd to listen on localhost only, it will respond to probes.
Sometimes a host will respond to a problem with RSETs. It's very, very hard to configure a box in such a way that it's impossible to detect that it's up and running.
Run sockstat and look at what's listening on your computer. Then see if you can figure out how to get it to stop listening on those ports.
Paul Schmehl (pauls@xxxxxxxxxxxx)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
- References:
- nessus report
- From: Richard Yang
- nessus report
- Prev by Date: Re: handbook suggestion
- Next by Date: Gigabyte Motherboard Bios Setup
- Previous by thread: Re: nessus report
- Next by thread: general question about setting up gateway
- Index(es):
Relevant Pages
|
