[Openvas-discuss] Not scanning machines which don't respond to pings
michael.meyer at greenbone.net
Sat Aug 11 14:17:35 CEST 2012
*** Reindl Harald wrote:
> Am 11.08.2012 11:51, schrieb Michael Meyer:
> >> Ping is off for a large percentage of public IPs that yet have services exposed.
> > Realy? How many (in %) you think don't answer to ping? Where did you
> > get this information?
> > Not allowing ping makes _no_ security gain. Denying ICMP is mainly
> > only useful in the "Security By Obscurity" model. "Security By
> > Obscurity", however, is completely useless.
> but as you can see it works just in the case of OpenVAS
No. As i explainied, ping_host.nasl doesn't rely on ICMP ping only.
> "Security By Obscurity" is not a good security
> but it is a dmaned good ADDITIONAL security for still hardened machines
No. It implies no safety gain.
Michael Meyer OpenPGP Key: 52A6EFA6
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
More information about the Openvas-discuss