[unisog] Possible fales positives for MS04-007

Clarke Morledge chmorl at wm.edu
Tue Mar 2 19:12:53 GMT 2004


We have seen problems with the Nessus scan when running over a subnet
range.  Querying individual hosts is more accurate (not sure why that is).

The 007scan has worked very well for us and does not seem to have the
trouble that the Nessus scan has. So it would be good to know if anyone
else can confirm your observations regarding 007scan.

And yes, the numbers for false positives are low in any case.

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Williamsburg VA 23187
chmorl at wm.edu

On Mon, 1 Mar 2004, Russell Fulton wrote:

> We are getting some apparent false +ves from both Nessus and 007scan. 
> Both say boxes are vulnerable but admins swear they are patched.  In at
> least one case it turned out the admin was patching the wrong box but I
> have asked them all to check this and make quite sure of the IP of the
> box they are working on. Numbers are low -- 3 or 4 machines out of
> several thousand machines and I am inclined to lay it to human error,
> but...
> Anyone else seeing this?
> Russell
> -- 
> Russell Fulton                                    /~\  The ASCII
> Network Security Officer                          \ /  Ribbon Campaign
> The University of Auckland                         X   Against HTML
> New Zealand                                       / \  Email!

More information about the unisog mailing list