On Sun Sep 12 2004 at 13:54, Michael Scheidell wrote:

> Ok, but how do we tell when it fails?

It is not supposed to fail. When I got this last week, I could not find any reasonable explanation. Maybe a network glitch or a temporary problem on the web server.

> wasn't no404.nasl supposed to tell us that there was a large
> possibility that every plugin would be a FP? and warn us?

When cross_site_scripting finds a generic XSS, it reports it and sets a KB entry which disables the other XSS tests.

> What do we do when we get PF's (this seems to be a load balancer gone
> postal..)
> debug mode shows the '301' header interspersed with the www banner
> Where should I start to try to tighten it up?

Try with the up to date *.inc first, I added a couple of things to protect Nessus against Webmin. It did not work fully (sometimes, the answer is truncated) but it lowered the number of FP. Webmin is too broken to be reliably scanned by Nessus so in the end Renaud added a specific part of code to disable CGI tests against it. My small enhancements might be helpful anyway.

You should set "debug" to 3 in "Global settings" prefs. This will give much (useful?) information.

> Since you have an example (probably similar situation? load
> balancer?)
> you going to take the first swipe at it?

Unfortunately, I could not find anything good :-(
I was playing against a Candle Web Server. KDH looks specific, not a known OEM web server: its HMAP fingerprint is very different from any known signature.