On Sat, Feb 19, 2005 at 07:50:48AM -0800, Jon Passki wrote: > That works, too. Do you agree, though, that it's inconsistent to > only focus on a couple services (such as the UDP services) versus > all services? We don't do that with HTTP or FTP services, then why > is it okay with lesser-used services? I'd rather be more worried > if I was assessing a network and came across multiple unused HTTP > services versus echo/udp services, regardless if there was a > vulnerability. The problem is that for some of these esoteric services, the only way to check for a flaw is to crash the service itself (a suboptimal method), and sometimes the flaw is not patched at all (ie: sadmin). I agree that the report should be displayed when paranoia is enabled only. -- Renaud _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Sat Feb 19 2005 - 09:46:49 PST