On Apr 15, 2005, at 12:08 AM, Jason Haar wrote: > Hi there > > The "NetBus" tcp/12345 check mentions a bunch of trojans that could be > running on that port. What it doesn't realize is that Trend Micro > OfficeScan also runs on that port... > > Can that either be mentioned - in the sake of lessening freak-outs for > Trend sites? ;-) So script 11157 is for Trojans. "An unknown service runs on this port. It is sometimes opened by Trojan horses. Unless you know for sure what is behind it, you'd better check your system." So, the better solution would be to fingerprint the port better, identifying OfficeScan as what is running, and not alert on it if it _is_ a valid app? None of the other ports appear to list the valid services, neither should this one. _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Apr 15 2005 - 07:41:15 PDT