[Openvas-discuss] Not scanning machines which don't respond to pings

Michael Meyer michael.meyer at greenbone.net
Sat Aug 11 14:17:35 CEST 2012


*** Reindl Harald wrote:
 
> Am 11.08.2012 11:51, schrieb Michael Meyer:
> >> Ping is off for a large percentage of public IPs that yet have services exposed.
> > 
> > Realy? How many (in %) you think don't answer to ping? Where did you
> > get this information?
> > 
> > Not allowing ping makes _no_ security gain. Denying ICMP is mainly
> > only useful in the "Security By Obscurity" model. "Security By
> > Obscurity", however, is completely useless.
> 
> but as you can see it works just in the case of OpenVAS

No. As i explainied, ping_host.nasl doesn't rely on ICMP ping only. 

> "Security By Obscurity" is not a good security
> but it is a dmaned good ADDITIONAL security for still hardened machines

No. It implies no safety gain. 

Micha
-- 
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner



More information about the Openvas-discuss mailing list