[unisog] OS Vuln Scanners

Alexander Clouter alex-unisog at digriz.org.uk
Fri May 9 08:54:12 GMT 2008 

Hi,

jonesy <jonemark at isu.edu> [20080508 10:03:42 -0600]:
>
> You might want to start "light" and use Nmap to map out you subnets  
> first: "nmap -sP subnet/00" will get you a basic host detection. Then  
> ramp up from there to find open service ports on just those hosts you  
> find "alive" with increasingly larger guns (more aggressisve nmap  
> scans and larger nessus scans. (Nmap.org is your friend.)
> 
I personally would recommend 'scanrand' from the paketto suite[1], it's a 
stateless scanner so you can scan at the bandwidth of your link...if you were 
crazy enough.  This gets through 65k ports over a /16 far faster :)

Cheers

Alex

[1] http://www.doxpara.com/

> On May 8, 2008, at 6:00 AM, unisog-request at lists.dshield.org wrote:
> >
> > Date: Wed, 7 May 2008 13:14:42 -0400
> > From: "Nipper, Johnny R." <Nipperj at uncw.edu>
> > Subject: Re: [unisog] OS Vuln Scanners
> > To: "UNIversity Security Operations Group" <unisog at lists.dshield.org>
> > Message-ID:
> > 	<F68B99A3CB5A764EBAB65292104BC70E178C0AAD at UNCWMAILVS2.dcs.uncw.edu>
> > Content-Type: text/plain;	charset="iso-8859-1"
> >
> > Hello all,
> >
> > We are a new security department in the beginning stages of  
> > discovering vulnerabilities as well as rogue servers on our  
> > network.  We are discovering as we go and learning from our  
> > mistakes.  One issue we are tackling is departmental servers  
> > outside of our central IT.  We do not have a comprehensive list of  
> > every system.  I have been using different techniques for  
> > discovering servers and working with each administrator  
> > individually to do routine scans.  Recently we began running Nessus  
> > on the entire network one subnet at a time.  During this time,  
> > systems have crashed with our "safe scan" option set.  This  
> > undoubtedly helps us discover systems as well as vulnerabilities,  
> > but in the meantime this causes issues.  We would like to notify  
> > departmental administrators prior to each scan.  Our issue is, we  
> > did not previously know about these systems.
> >
> > We have already sent out a communiqu? with a protocol for every  
> > administrator to run scans on their system and report them to the  
> > security department.  The ones that are having issues now are  
> > systems that were not disclosed during our initial request several  
> > months ago.
> >
> > How would everyone tackle this situation?  Would you send out a  
> > communication to the entire campus in advance for all scans?  When  
> > would you run your scans?  Do you make this part of your change  
> > control procedure?  Any help would be very appreciated.
> >
> > Thanks,
> > Johnny
> >
> >
> > -----Original Message-----
> > From: unisog-bounces at lists.dshield.org [mailto:unisog- 
> > bounces at lists.dshield.org] On Behalf Of BACHAND, Dave (Info. Tech.  
> > Services)
> > Sent: Wednesday, April 23, 2008 10:17 AM
> > To: UNIversity Security Operations Group
> > Subject: Re: [unisog] OS Vuln Scanners
> >
> > Hello-
> >
> > We use Nessus to scan the entire university frequently.  The freeware
> > version is the same as the paid commercial version, except that the
> > signatures are delayed on the free one.  All that said, it's an
> > extremely useful tool, and is not very hard to use.
> >
> > One thing I like is the "safe checks" flag.  IE for Internet facing
> > services, we probe it more harshly, whereas for more protected  
> > services
> > we can scale back the aggressiveness.  But beware that "safe checks  
> > off"
> > can and will wax a weakly configured system. :-)
> >
> >
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

-- 
 __________________
< To err is humor. >
 ------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.sans.org/pipermail/unisog/attachments/20080509/f0c0ca3e/attachment.bin

More information about the unisog mailing list