nessus report
Paul Schmehl
pauls at utdallas.edu
Sat Dec 20 23:21:15 UTC 2008
--On December 19, 2008 11:32:51 PM -0600 Richard Yang
<kusanagiyang at gmail.com> wrote:
>
> hi,
> when i ran nessus against my bsd box, nessus can detect "the remote host
> is
> up".
> i don't understand how nessus can detect it...
> does anyone know how it is done?
> thanx
>
There are several ways to detect if a host is up. Responses to icmp
packets is one. Almost all hosts will respond to pings unless they're
prevented by a firewall.
Another way is the type of response to a probe of a port. Sometimes
services will respond differently if they're firewalled than if they're
not listening on a particular port. Also, very few computers have no
ports at all listening. For example, most unix boxes will be running
syslogd and listening on port udp/514. That is the default for that
daemon. Unless you reconfigured syslogd to listen on localhost only, it
will respond to probes.
Sometimes a host will respond to a problem with RSETs. It's very, very
hard to configure a box in such a way that it's impossible to detect that
it's up and running.
Run sockstat and look at what's listening on your computer. Then see if
you can figure out how to get it to stop listening on those ports.
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
More information about the freebsd-questions
mailing list