On Sat, 2005-02-19 at 08:22 -0800, Jon Passki wrote: > But security_note shouldn't display messages that state the service > is not vulnerable, correct? Right > I thought security_note and > security_warning were ways to assess the impact to the environment. For me, it's rather to describe what was found. When you have a strict policy about what should be running, a superfluous service should be removed but cannot be considered exacty as a security hole. > As for your second statement, that could be said about recursive > DNS, SMTP relaying, and HTTP proxying, etc. In a few scripts, we look if the IP address is public or private (RFC 1918). In the first case, we suspect that there is a problem. Not perfect: a private IP may be accessed from outside through NAT. _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Sat Feb 19 2005 - 08:33:15 PST