[Openvas-discuss] Not scanning machines which don't respond to pings

Reindl Harald h.reindl at thelounge.net
Sat Aug 11 16:36:23 CEST 2012



Am 11.08.2012 16:16, schrieb Michael Meyer:
> *** Reindl Harald wrote:
>> Am 11.08.2012 15:51, schrieb Michael Meyer:
>  
>>> To believe that this increased security is just wrong. Hiding the
>>> banner doesn't make a webserver (or other services) more secure
>>
>> it makes it not secure by the defintion of secure
> 
> Aha...
> 
>> but it makes automated attacks followed by simplest scans
>> less likely in the timewindow between release of a security
>> update and install it on the machine
> 
> "man fingerprinting"

man iptables
man sysctl.conf

below the fingerprinting of a nessus-scan from
an external security scan running weekly

no, this is really not a printer running
on top of HP ProlIant 380DL :-)

and yes, the scanner host is excluded from rate-controls
anonymous remote-addresses will have it much more difficult
to try fingerprintig while permently blocked by ratecontrols
______________

Scan: 04.08.2012 06:27:01 - 04.08.2012 06:38:38
Betriebssystem: KYOCERA Printer

openvas can not determine OS nor the webserver too
namp the same, so i have seen no single successful
fingerprinting on any of the machines i maintain in
the last 2 years

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20120811/2b00b1c9/attachment.asc>


More information about the Openvas-discuss mailing list