[9506] in bugtraq


Re: ISS Internet Scanner Cannot be relied upon for conclusive

daemon@ATHENA.MIT.EDU (Brian Koref)
Fri Feb 12 14:32:46 1999

Date: 	Thu, 11 Feb 1999 19:07:52 -0800
Reply-To: briank@conxion.net
From: Brian Koref <briank@CONXION.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <01BE554A.F4AA87B0.munkedal@n-m.com>

Network and System security IS NOT a point solution.  ISS
scanner is just one tool. I know I'll never fully secure any one
system, let alone entire disparate enterprises comprised of
multitudes of various modern and legacy OS/hardware/software,
rogue programs, etc... To keep up with patches, security bugs,
poorly written C, CGI and Perl scripts, rogue Java applets is
frustrating and a full-time job...

I know this isn't quite the forum for the above comment, but I do
want to mention a thought regarding banners.  I know of some
sysadmins who change the banners for sendmail, ftp, telnet, imap,
etc... to "disguise" services.  I'm a little concerned about false
negatives, if the scanner uses the "assumption" model for some of its
scanning methodology.  If the tool behaves in that fashion, then it
should be noted in the report...BK
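
The concern about altered banners, as an added example that is not part of the original message and is not ISS Internet Scanner's code: a report routine that records whether each verdict came from an active probe or was only inferred from the banner, and refuses to report "not vulnerable" when the banner is unrecognised. The product name ExampleMTA, its version numbers, the hosts and the banners are all constructed for illustration.

```python
import re

# Hypothetical check: product name and first fixed version.
# "ExampleMTA" and these version numbers are constructed for this example.
CHECK = {"product": "ExampleMTA", "fixed_in": (8, 9, 3)}

BANNER_RE = re.compile(r"(?P<product>[A-Za-z]+)[ /](?P<version>\d+(?:\.\d+)+)")

def assess(banner, probe_result=None):
    """Return (verdict, basis) for one service.

    probe_result is True/False when an active test of the flaw was run,
    or None when the scanner only read the banner.
    """
    if probe_result is not None:
        verdict = "vulnerable" if probe_result else "not vulnerable"
        return (verdict, "active probe")
    m = BANNER_RE.search(banner)
    if not m or m.group("product") != CHECK["product"]:
        # Banner missing, altered, or naming another product: the lack of
        # a match says nothing about what is actually running.
        return ("inconclusive", "banner unrecognised")
    version = tuple(int(p) for p in m.group("version").split("."))
    if version < CHECK["fixed_in"]:
        return ("vulnerable", "inferred from banner")
    return ("not vulnerable", "inferred from banner")

def report(services):
    """One report line per service, always stating the basis of the verdict."""
    lines = []
    for host, banner, probe in services:
        verdict, basis = assess(banner, probe)
        lines.append(f"{host}: {verdict} ({basis})")
    return lines

# Constructed sample input: (host, banner text, active probe result or None)
SAMPLE = [
    ("mail1.example", "220 mail1 ESMTP ExampleMTA 8.9.1 ready", None),
    ("mail2.example", "220 mail2 ESMTP ready", None),   # banner changed by admin
    ("mail3.example", "220 mail3 ESMTP ExampleMTA 8.9.3 ready", None),
    ("mail4.example", "220 mail4 ESMTP ready", True),   # probed despite banner
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```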
