radmin_detect.nasl patched to avoid HP-UX snmpdm issues
Crow, Owen
Owen_Crow at bmc.com
Wed Sep 24 15:13:20 EDT 2003
I assume that's what this patch is for:
radmin_detect.nasl
Status: changed
Id: 11123
Name: radmin detection
Family: Backdoors
Category: infos
Summary: Detect radmin
Version: 1.4
CVE-ID(s): n/a
Changes:
12- script_version ("$Revision: 1.3 $");
12+ script_version ("$Revision: 1.4 $");
--------
44- port = get_kb_item("Services/unknown");
45- if (! port) port=4899;
44+ if(safe_checks())
45+ {
46+ port = 4899;
47+ }
48+ else
49+ {
50+ port = get_kb_item("Services/unknown");
51+ if (! port) port=4899;
52+ }
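Review bot: In the safe_checks() branch (new lines 44-47) the port is fixed at 4899, so with safe checks enabled the Services/unknown KB entry is never consulted and a radmin listener on any other port is not probed. Nothing in the visible lines tells the user about this reduced coverage. Consider stating the limitation in the script description, or emitting a note that unknown services were skipped because safe checks are on. The 4899 default also appears in both branches now; assigning port = 4899 once and overriding it from get_kb_item("Services/unknown") only when safe_checks() is false would remove the duplication.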
--------
97+
98+
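Review bot: New lines 97-98 add only empty lines at the end of the script. Drop them so revision 1.4 contains just the port-selection change and the diff stays minimal.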
--------
First, thanks!
Second, I'm hoping to understand the why's. Before this patch,
radmin_detect would attempt to find a known backdoor (radmin) on any unknown
service (from find_service.nes?), right? So we have limited the
effectiveness of this script unless I can provide legitimate traffic so you
can identify snmpdm, right? I.e., the script won't be able to detect the
radmin backdoor if the attacker starts it on another port.
I'm still trying to get some legitimate traffic for you.
Thanks,
Owen