Just wondering how you selected the IP ranges you scanned in your 'survey'. A Nessus scan sets off a very nasty list of IDS signatures, and if a dedicated monitoring service (or a decent IDS analyst) was watching, your IP surely would have been reported to your ISP on more than one occasion. Since you were probably not authorized to be scanning these IPs, were you reprimanded at all?

Kevin Hodle
CCNA, Network+, A+
Alexander Open Systems
Network Operations Center
(913)-307-2367
kevinhat_private

-----Original Message-----
From: Alex Zimin [mailto:alexat_private]
Sent: Sunday, April 06, 2003 8:15 AM
To: pen-testat_private
Subject: Top 10 vulnerabilities and open ports.

Inprotect.com made available top 10 vulnerabilities and top 10 open tcp ports reports based on the results of the free security scans performed from its site since October 2002.

Reports are based on the results of tests performed using the Nessus security scanner. Nessus scans were configured to test common tcp ports with all safe non-DOS checks enabled. Tests were performed over time with the 1.2.5 - 2.0.1 versions of the Nessus security scanner.

Since October 2002, 936 systems were tested 1192 times (some systems were tested more than once). Security scan results show that over 19,000 security vulnerabilities were found, or close to 16 vulnerabilities found per scan (these numbers include open ports). These reports may contain some false positive results, but it's impossible to determine the number of false positives at this time.

Top 10 vulnerabilities and open tcp ports reports are also available for the period of the last 30 days, which may show statistics on newly discovered vulnerabilities.

The top 10 vulnerabilities reports are grouped by Nessus risk factor, CVE ID, CVE ID (candidates) and Bugtraq ID. The report data may be useful for security professionals or for preparing research on the most common vulnerabilities.

Top 10 vulnerabilities and open ports reports:
http://www.inprotect.com/modules.php?op=modload&name=Nessus&file=reports

Alex Zimin
Inprotect.com
alexat_private

This archive was generated by hypermail 2b30 : Tue Apr 08 2003 - 08:39:10 PDT