sasser virus (was Re: [unisog] student fees for cleaning.)

Matt Crawford crawdad at
Mon May 10 13:55:54 GMT 2004

>> 	No. We don't scan the network looking for vunarable machines without
>> the owner's permission. Our experience with Nessus scans says that it 
>> sometimes
>> causes the machine to reboot.
> We do scan, but not with nessus.  I generally us scanners dedicated to 
> a
> single vulnerability (eg from foundstone, eeye or (my favourite - base
> on the uconn resnet scanner).

We scan with the whole site with nessus, but only for the most critical 
vulnerabilities.  There hasn't been a problem.  Giving a Windows or 
IRIX machine the works with nessus can choke it, so we provide two 
nessus servers (one inside, one outside the perimeter) to which 
registered sysadmins can authenticate (via kx509 certificate) and scan 
those systems for which they are a registered admin with any plugins 
they choose, on their own schedule.

More information about the unisog mailing list