
Re: lprng



On Fri, Dec 07, 2001 at 01:20:43PM +0200, Juha Jäykkä wrote:
>   Most false positives are easily dismissed by knowing your setup which
> nessus does not. There are a couple of concerning cases, though: This
> case of lprng: nessus only says it detects an lprng daemon, but NOT
> that it cannot tell the version number and just states what I describe
> in the beginning. Another is Trin00. It has this far detected three
> machines with Trin00. In one of them it most certainly is false since
> it claims to have found Windows version of Trin00 on an IRIX host...
> The other two cases, on the other hand give no hint of being falses.
> Does anyone know how reliable nessus is in detecting Trin00? Does it
> only check that port X is open, thus we have Trin00 there or does it
> really send some commands to the supposed Trin00 client/daemon and
> verify its existence from the reply? If nessus is not reliable, how
> can I check for it?
> 
	You can see the code yourself. Just go to www.nessus.org and check
out the plugins section. As you can see at
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/trinoo.nasl

	the trinoo test does send some UDP packet to the 27444 port and
checks the result. If you find out a false positive in a given platform
please report it to the nessus mailing list (nessus@list.nessus.org).

	Regards

	Javi


