Date: Sat, 20 Dec 2008 16:52:21 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: questions@freebsd.org
Cc: Richard Yang <kusanagiyang@gmail.com>
Subject: Re: nessus report
Message-ID: <22AC6248210F377B6C802CED@Macintosh-2.local>
In-Reply-To: <abd417bf0812192132l1e99cfccyc297f32f388428ea@mail.gmail.com>
References: <abd417bf0812192132l1e99cfccyc297f32f388428ea@mail.gmail.com>
--On December 19, 2008 11:32:51 PM -0600 Richard Yang <kusanagiyang@gmail.com> wrote:

> hi,
> when i ran nessus against my bsd box, nessus can detect "the remote host
> is up".
> i don't understand how nessus can detect it...
> does anyone know how it is done?
> thanx

There are several ways to detect if a host is up. Responses to ICMP packets are one. Almost all hosts will respond to pings unless they're prevented by a firewall.

Another way is the type of response to a probe of a port. Sometimes services will respond differently if they're firewalled than if they're not listening on a particular port. Also, very few computers have no ports at all listening. For example, most unix boxes will be running syslogd and listening on port udp/514. That is the default for that daemon. Unless you reconfigured syslogd to listen on localhost only, it will respond to probes.

Sometimes a host will respond to a probe with RSTs. It's very, very hard to configure a box in such a way that it's impossible to detect that it's up and running.

Run sockstat and look at what's listening on your computer. Then see if you can figure out how to get it to stop listening on those ports.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
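The port-probe reasoning in Paul's reply, as an added example that is not part of the original thread or of Nessus: it reproduces the SYN-ACK / RST / no-answer distinction with an ordinary connect() from Python, so it needs no raw sockets and no privileges. The open and closed ports it probes are constructed on 127.0.0.1 by the example itself (a listening socket for the open one, a bound-then-closed socket for the closed one); the function names and verdict labels are the example's own. ICMP echo and the UDP/514 syslogd probe from the reply are not shown, since they would need raw sockets or a real remote listener.

```python
import errno
import socket

# Verdicts for one TCP probe. Only the first two prove the host is up:
# OPEN means a SYN-ACK came back, CLOSED means the target's kernel answered
# our SYN with a RST. FILTERED means nothing came back at all, which is
# either a firewall silently dropping the probe or a host that really is
# down; a single probe cannot distinguish those two cases.
OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def tcp_probe(host, port, timeout=2.0):
    """Classify one TCP connect() probe against host:port.

    An unprivileged connect() never sees raw packets, but the kernel maps a
    RST to ECONNREFUSED and a silent drop to a timeout, which is enough to
    reproduce the "remote host is up" inference a scanner makes.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        rc = s.connect_ex((host, port))
    if rc == 0:
        return OPEN
    if rc == errno.ECONNREFUSED:
        return CLOSED
    # Timeout (EWOULDBLOCK/EAGAIN), EHOSTUNREACH, ETIMEDOUT and friends all
    # mean "no answer", so they fall into the same bucket.
    return FILTERED


def host_is_up(host, ports, timeout=2.0):
    """True if any probed port answered, whether with SYN-ACK or RST.

    A RST from a closed port gives the host away just as surely as an open
    port does. A firewall configured to reject (send RST) rather than drop
    looks identical to a closed port here and still proves the host is up;
    only a silent drop on every probed port leaves the scanner guessing.
    """
    return any(tcp_probe(host, p, timeout) in (OPEN, CLOSED) for p in ports)


def demo():
    """Build one open and one closed port on loopback and probe both.

    Constructed inputs for the example: a listening socket supplies the
    open port, and a socket that is bound and immediately closed supplies a
    port on which nothing listens.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        results = {
            "open_port": open_port,
            "closed_port": closed_port,
            "open": tcp_probe("127.0.0.1", open_port),
            "closed": tcp_probe("127.0.0.1", closed_port),
            # Probing only the closed port is enough: the RST reveals the host.
            "up_from_closed_only": host_is_up("127.0.0.1", [closed_port]),
        }
    finally:
        srv.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

To see the other side of this on the FreeBSD box itself, `sockstat -l` lists the sockets that are actually listening (add `-4` or `-6` to restrict the address family); every entry there is a port that will answer a probe with something other than silence, and the reply's advice is to shrink that list, not to hope the scanner misses it.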