Date: Sat, 20 Dec 2008 16:52:21 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: questions@freebsd.org
Cc: Richard Yang <kusanagiyang@gmail.com>
Subject: Re: nessus report
Message-ID: <22AC6248210F377B6C802CED@Macintosh-2.local>
In-Reply-To: <abd417bf0812192132l1e99cfccyc297f32f388428ea@mail.gmail.com>
References: <abd417bf0812192132l1e99cfccyc297f32f388428ea@mail.gmail.com>
--On December 19, 2008 11:32:51 PM -0600 Richard Yang <kusanagiyang@gmail.com> wrote:

> hi,
> when i ran nessus against my bsd box, nessus can detect "the remote host
> is up".
> i don't understand how nessus can detect it...
> does anyone know how it is done?
> thanx

There are several ways to detect if a host is up. Responses to icmp packets is one. Almost all hosts will respond to pings unless they're prevented by a firewall. Another way is the type of response to a probe of a port. Sometimes services will respond differently if they're firewalled than if they're not listening on a particular port.

Also, very few computers have no ports at all listening. For example, most unix boxes will be running syslogd and listening on port udp/514. That is the default for that daemon. Unless you reconfigured syslogd to listen on localhost only, it will respond to probes. Sometimes a host will respond to a problem with RSETs.

It's very, very hard to configure a box in such a way that it's impossible to detect that it's up and running. Run sockstat and look at what's listening on your computer. Then see if you can figure out how to get it to stop listening on those ports.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?22AC6248210F377B6C802CED>
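The sockstat review suggested in the reply above, sketched as an added example that is not part of the original message: it parses `sockstat -46l` style output and separates sockets bound to loopback from those bound to `*` or a routable address, which are the ones a scanner can probe. The sample output, process names, PIDs and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of FreeBSD `sockstat -46l` output.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
root     sshd       812   3  tcp6   *:22                  *:*
root     syslogd    601   7  udp4   *:514                 *:*
root     sendmail   790   4  tcp4   127.0.0.1:25          *:*
root     ntpd       655   21 udp6   ::1:123               *:*
www      httpd      930   3  tcp4   192.0.2.10:80         *:*
"""

def is_loopback(addr):
    """True only for an explicit loopback bind; '*' means every interface."""
    if addr == "*":
        return False
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it

def parse_listeners(text):
    """Turn sockstat lines into dicts, skipping the header and short lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue
        user, command, pid, _fd, proto, local = fields[:6]
        # rpartition keeps IPv6 addresses such as ::1 intact before the port
        addr, _, port = local.rpartition(":")
        rows.append({"user": user, "command": command, "pid": pid,
                     "proto": proto, "addr": addr, "port": port})
    return rows

def reachable(rows):
    """Sockets a remote probe can reach: everything not bound to loopback."""
    return sorted({(r["proto"], r["port"], r["command"])
                   for r in rows if not is_loopback(r["addr"])})

if __name__ == "__main__":
    for proto, port, command in reachable(parse_listeners(SAMPLE)):
        print(f"{proto:5} {port:>5}  {command}")
```

To check a real host, replace `SAMPLE` with the text captured from `sockstat -46l` on that machine.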
