Symlink Attack

chort · 02-09-2009, 01:47 PM

Using Windows tools to audit Linux software is still "Linux Security", no?

unSpawn · 02-09-2009, 04:48 PM

Quote:

Originally Posted by chort

Using Windows tools to audit Linux software is still "Linux Security", no?

Heh, you've been here long enough to know what goes, right. I'm just making sure the scope stays trained on the right target.

mike2010 · 02-09-2009, 11:49 PM

So theres noway to get this "Dangerous" scan with Nessus ?

unixfool · 02-10-2009, 07:51 AM

Quote:

Originally Posted by mike2010

So theres noway to get this "Dangerous" scan with Nessus ?

Nessus/Tenable has a mailing list dedicated to the product. I believe they also have support pages (support pages probably aren't freely available for the payware product, though).

Your Nessus (Win32 or *nix) client should have 'danger' options within its configuration.

Better yet:

http://letmegooglethatforyou.com/?q=...gerous+plugins

nx5000 · 02-10-2009, 12:50 PM

I did not read the whole post but if you have had a lot of http processes then clearly it was not a syn flood, otherwise I think it would have stayed at kernel level ?

There are other attacks against TCP. Some are 8 years old and still working.

You need the full traffic log to know what happened.
At least, leave syncookies enabled.

nx5000 · 02-11-2009, 05:22 AM

You can try letdown which checks some of the attacks on TCP.
I did not want to post this yesterday as it can be used for malicious purpose but well..