On Wed, 2003-06-11 at 09:13, Renaud Deraison wrote: > On Wed, Jun 11, 2003 at 08:46:39AM +0800, Michael Boman wrote: > > The later one should according to my research be somewhat vulnerable to: > > > > http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html > > http://www.kb.cert.org/vuls/id/AAMN-5G62MC > > http://www.iss.net/security_center/static/10868.php > > > > It was also never detected as a SSH server > > Does the report at least show the SSH banner somewhere ? Don't you have > DNS issues which would prevent nessusd from receiving the banner > (ie: what happens when you connect to the tested host, on port 22 ? Do > you receive a banner right away ?) Yes, the SSH banner is detected and reported in Nessus. But because the port/service is never recognised as a SSH server you get quite a few false positives on the port. Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT Pte Ltd http://www.securecirt.com
This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 19:36:47 PDT