FAQ  |  Search  |  Register  |  Profile  |  Log in to check your private messages  |  Log in
Help with Nessus vulnerability scanner results

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
jamesthemagician
-


Joined: 14 Oct 2005
Posts: 32
Location: gloucestershire, uk
PostPosted: Sat Oct 14, 2006 9:49 pm    Post subject: Help with Nessus vulnerability scanner results Reply with quote
[FALSE ALARM!]
_________________
This signature is getting old

Last edited by jamesthemagician on Tue Feb 26, 2008 7:16 pm; edited 1 time in total
Back to top View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295
PostPosted: Sun Oct 15, 2006 7:25 pm    Post subject: Re: Help with Nessus vulnerability scanner results Reply with quote
jamesthemagician,

Nessus results can be somewhat confusing and badly explained in their reports.

For example "The remote web server crashes when it receives a too long URL." is not true. Abyss Web Server has not crashed (Nessus could not know about a remote crash). Abyss simply detected that the URL is bad and is meant to attack the server. So it instantly aborted the connection with Nessus (whcih was wrongly interpreted as a crash, but the server was still there and running fine).

The same applies to all other tests that were done to exploit vulnerabilities commonly found in many web servers.

We suggest that you check your log file where you'll notice that Abyss Web Server has never replied to such requests or has issued error replies to them. You can also check that Abyss Web Server has never crashed during the tests.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
jamesthemagician
-


Joined: 14 Oct 2005
Posts: 32
Location: gloucestershire, uk
PostPosted: Tue Oct 17, 2006 7:59 am    Post subject: Reply with quote
Thanks alot! :D
_________________
This signature is getting old
Back to top View user's profile Send private message Visit poster's website
aprelium
-


Joined: 22 Mar 2002
Posts: 6800
PostPosted: Tue Oct 17, 2006 10:19 am    Post subject: Reply with quote
jamesthemagician wrote:
Thanks alot! :D


Another note: if Anti-hacking is enabled in Abyss Web Server, any further connection from Nessus (except probably the first ones) will be refused and wrongly reported as a crash by it. Actually Abyss Web Server will accept the connection from Nessus and abort it immediately after that since the computer on which Nessus is running has been added to the ban list.
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group