Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Nessusd needs a public server


Del wrote:

Andrew Eager wrote:

Why aren't there any public servers out there running a nessusd ?


Because if they were then many many crackers would use them to remotely
and anonymously portscan large blocks of the internet.  Since the scans
would appear to come from the nessus server itself rather than the
crackers, and nessus doesn't do a great deal of logging, they would be
almost impossible to track down.

Silly me. I just thought that the password suppled by the nessus client along with nessusd only 'attacking' the single (and verified by reverse DNS) IP address would be secure enough. I guess I'm still a bit green when it comes to security - I did my best 6 months ago to disable all of it while learning linux. Now having just been cracked - root kit and all I'm putting it all back again (and even looking to test my newfound ipchains scripting skills)


I run a nessus server on the internet for my own purposes so I can
port scan my clients on request and do other forms of system auditing.
I don't open it up to Joe Public, however.

I've just done the same. Still a bit of a pain for home / small office environments where you need 2 separate links / ISP's just for testing. Also nessusd being what it is needs no firewall between the server and its ISP, which means that it is under threat while the test is being done.

Andrew E.