[Openvas-discuss] Not scanning machines which don't respond to pings

Geoff Galitz geoff at galitz.org
Sat Aug 11 17:17:43 CEST 2012


>>>> To believe that this increased security is just wrong. Hiding the
>>>> banner doesn't make a webserver (or other services) more secure
>>>

>>> but it makes automated attacks followed by simplest scans
>>> less likely in the timewindow between release of a security
>>> update and install it on the machine
>>
>
> below the fingerprinting of a nessus-scan from
> an external security scan running weekly
>
> no, this is really not a printer running
> on top of HP ProlIant 380DL :-)

>
> Scan: 04.08.2012 06:27:01 - 04.08.2012 06:38:38
> Betriebssystem: KYOCERA Printer
>


I think the main point to take is that by disrupting the fingerprinting
process you can disrupt the workflow of the attacker.   Whether the target
is any more secure or not, strictly speaking, you are making the attacker
do more work.  If the attack is automated then that "more work" might not
be in the attacking program's logic and you can get a big benefit.

-G




------------------------------
Geoff Galitz
http://www.galitz.org




More information about the Openvas-discuss mailing list