
Re: nessus scaremongering?



On Tue, May 06, 2003 at 09:38:19AM +0200, Svein Ove Aas wrote:
> On Tuesday 06 May 2003 04:39, Hugh Saunders wrote:
> > It wouldn't surprise me if someone had compromised the windows box [heh. it's
> > a windows box :p] but I couldn't find any of the telltale back orifice
> > files on the windows box so I'm tempted to think it was another false
> > result by nessus.
> 
> You wouldn't, of course; if BO is installed it'll control what you see.
> Try pecking out the HD and checking it on a Linux box, or just inserting a 
> Knoppix CD.
hmm tried with knoppix cd, mounted the drive and looked for windll.dll
which apparently BO creates - couldn't find it. That is good, but I'm still
kinda edgy!

> > Nessus appears to be a good tool but I've pointed it at 3 local machines
> > so far and the results of two of those are questionable. Is nessus
> > usually reliable? Have other people had false matches? Could I actually
> > have both these trojans?
> 
> I really don't know, but if the router drops packets sent to the usual Shaft 
> port while allowing others through, then Nessus will view that as highly 
> suspicious.
hmm, I agree that would be strange behaviour. The router doesn't seem to
have any firewalling options so I don't know why it would be dropping
packets to/from a certain port.

-- 
Hugh Saunders [GCv3.12] GCS d- s: a--- C+++ UL++>$ P+ L+++ E--- W-- N++
K- w-- M- V? PS-- Y PGP- t-- !5 X- R- tv-() b- DI+ D- G++ e- h++ r z?


