Re: [Plugins-writers] Unsynchronised clock detection

From: Renaud Deraison (deraison@private)
Date: Fri Oct 22 2004 - 05:59:23 PDT


On Fri, Oct 22, 2004 at 07:34:20AM +0100, Martin O'Neal wrote:
> However, if the script just grabs the first clock and exits, then it
> misses out on the opportunity to catch situations where the firewall/nat
> device hides multiple web servers behind a single IP address, or where a
> single web server has multiple addresses assigned.
> 
> Both of these get picked up implicitly by the script...


The modified version of the script that I posted exits only when it
finds a first non-synchronised clock. The script does not contain any
logic to indicate to the user that the remote service is actually a NAT
to another box.

> What if I split it into three separate scripts; this should make the
> execution time more acceptable?

That's still slow. What could be done would be to modify ntp_open.nasl
and icmp_timestamp.nasl to write down in the KB that the remote host is
indeed replying to NTP and ICMP timestamp requests, and then make your
script depend on these two. This allows us to have a greater timeout AND
not waste time for nothing.

				-- Renaud