RE: ISA2004 Vulnerability

  • From: "Alexandre Gauthier" <gauthiera@xxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 17 Mar 2006 09:39:44 -0500

I think he means something like Nessus. Not "Vulnerabilities in the software" 
but rather "How bad is my configuration, have I missed something".

 

http://www.nessus.org/

 

If you don't have the resources to run Nessus from outside yourself, you can 
pick any of your run-of-the-mill Mickey Mouse Security Analyst firms, you know, 
"Running automated scanners since 1984".

My current client uses QualysGuard; it's run to scan two addresses during the 
weekend and mail me the reports on Monday. It is slightly more evolved than 
Nessus in some regards, but it also moans about non-issues such as "ZOMG YOU 
USE NTLM WE AER DOOMED!!!1" and the like.

 

http://www.qualys.com/

 

But overall the reports are neat, and you can print one for the pointy haired 
bosses with almost no tech details, and one with all the nasty gritty details 
and workarounds and external references for the techies if you want.

 

I'd like to mention that an abrasive, aggressive, impolite Nessus scan used to 
crash our J2EE server due to the long strings and garbage it would feed your 
URL to check how tight you are.

 

... of course for just a matter of "is such and such port accepting 
connections" you can pay a visit to our alarmist friend Steve Gibson and his 
scary mustache:

 

https://www.grc.com/x/ne.dll?bh0bkyd2

 

Just *don't* read the banter on the website. It will make your brain melt. 
"hidden internet server inside your PC" is not the way I'd describe netbios and 
smb/cifs.

 

--

Alexandre Gauthier

Analyste Réseau / Network Analyst

Québec Loisirs

253, boul. Décarie Nord

St-Laurent, Québec

Canada H4N 2L7

Tel: (514) 340-2964

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: March 16, 2006 22:56
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA2004 Vulnerability

 

http://www.ISAserver.org

What vulnerabilities are you looking for?

 

Secunia reports ZERO.

 

Think you'll find some that the world's hackers haven't found yet?

 

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

         

        
________________________________


        From: Corciega, Michael P. [mailto:MPCorciega@xxxxxxxxxxxxxx] 
        Sent: Thursday, March 16, 2006 9:25 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] ISA2004 Vulnerability


        Hi Everyone,

         

        Is there a tool to test the vulnerability of ISA2004 from External?

         

        Thanks,

         

        Mykel

         

------------------------------------------------------
        List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx 
