Results 1 to 3 of 3

Thread: Do nessus leak some information from (paranoid user)?

  1. 04-13-2008, 08:47 AM #1
    imported_capron
    imported_capron is offline
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    23

    Default Do nessus leak some information from (paranoid user)?

    Do nessus leak some information ?

    In order to run updated plugins nessus demands a registration. This and all the use of hash and certs makes me paranoid. Cud it be possibel for a IDS too collect use full information from the nessus demon when it detect a scan?
  2. 04-13-2008, 06:21 PM #2
    Archangel-Amael
    Archangel-Amael is offline
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by capron View Post
    Do nessus leak some information ?

    In order to run updated plugins nessus demands a registration. This and all the use of hash and certs makes me paranoid. Cud it be possibel for a IDS too collect use full information from the nessus demon when it detect a scan?
    One may never know what some one else's tools are doing so there are a few options.
    1. Don't use the tools
    2. Find source code for all the tools one uses and look at said code and understand everything it is doing.
    3. Code your own tools.
    4. Don't use tools on networks in which you do not have explicit written permission to use said tools on.

    There are probably others but that should help get you started.
    Your question is kind of like asking is an encryption scheme secure.
    Well yes some are but all of them are only temporarily secure in that they have not been attacked long enough, Eventually they will fold but it may take thousands of years for that to happen.
    So the question then goes back to is it really secure?


    As for nessus you don't have to give any real info in order to register.
    However one may have to worry about email/ip address info when doing so but there are ways to mitigate this. Then there is the question do the tools have usage tracks that are combined with registration /email/ip address

    Good luck
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
  3. 04-13-2008, 07:04 PM #3
    hhmatt
    hhmatt is offline
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    Quote Originally Posted by capron View Post
    Do nessus leak some information ?

    In order to run updated plugins nessus demands a registration. This and all the use of hash and certs makes me paranoid. Cud it be possibel for a IDS too collect use full information from the nessus demon when it detect a scan?
    If your not doing anything wrong then there shouldn't be anything to worry about.

    If you want to know what nessus is doing and how the information is being sent and to where, then use a packet sniffer/network analyzer like wireshark and watch the packet streams.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules