[Openvas-devel] Changing message behaviour of find_service
geoff at galitz.org
Wed Dec 19 14:43:52 CET 2012
> * Jan-Oliver Wagner [19. Dec 2012]:
>> Hello Developers,
>> in openvas-libraries/nasl/nasl_builtin_find_service.c:mark_unknown_svc()
>> we always issue a log message for an unknown service.
>> The information is pretty useless. The fact that there is a
>> open port is handled already separately and through the KB entries
>> set by find_service.
> So I am in favor of removing the message, but think the detection of
> unknown services on common ports should be kept in mind here.
Speaking as an operations/security engineer if there is an unknown service
running, especially on a well known port, I need to know about it. Even
if it is the correct service but it is not responding correctly it is an
indicator that I should check out.
So long as such situations are clear to me in the scan report all is well.
Would the proposed change remove that clue from the scan report?
More information about the Openvas-devel