Nessus

sinck@corp.quepasa.com
Fri, 21 Apr 2000 09:29:53 -0700 (MST)


\_ I just got done testing out the Nessus (http://www.nessus.org/) security
\_ suite on my laptop, and it kicks ass!  It only took me about 10 mins to set
\_ it up, and in only a few minutes of running, it came up with two huge
\_ security flaws in my system, which I immediately fixed.  

It falsely reported several holes on my system, mostly because I have a
lot of ports open that basically play a nice submarine ping when they
get hit rather than doing anything.  Um, and that script also calls
netstat too, methinks.  

My favorite was testing the web server for vulnerabilities....  I've
got a 404 handler cgi that plays random explosion sounds for missed
pages.  (Why, you ask?  Well, my /etc/hosts file has a few hundred ad
banner domains pointing to 127.x, and now when I surf say, dilbert, I
get 6 or so phasers (special sound only for doubleclick) that shoot
down the accursed ad banners and return a 1x1 transparent gif.)

Anyway, between the pings for portscanning and the explosions for
webscanning, it was a merry little time on my box.

David