Renaud Deraison <deraisonat_private> writes: > For those who don't understand what is the point of this plugin, some > products (in particular "rweb") always reply with a special error code > when they see that Nessus is doing web probes And the way it is implemented (in RWEB at least), it helps no404 If there were no "anti nessus" rule, no404 would think that the server is well behaved and Nessus would spit kazillons of false positives on known flaws (which are protected by the default filtering rules). I suggested them to remove this "anti Nessus" rule... I don't know if they did it. This weakness apart, RWEB is not a bad product. Maybe I should look at the result of no404 and issue a warning? See patch. > (which is a stupid protection, similar to filtering packets with the > evil bit set). Well kazillons of script kiddies use Nessus b3ca4use it Iz S0 3L33T, and probably do not know how to patch it to announce Mozilla or IE... -- arboiat_private http://arboi.da.ru FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
This archive was generated by hypermail 2b30 : Mon Sep 01 2003 - 01:55:06 PDT