hmmm… could it be openvas?! just installed netbsd 6.1.4 ami i found on the aws community amis list… same thing..
just the possibility of both openvas and the hackerguardian service being both wrong is a bit too much of a coincidence for me… any thoughts?

On Sun, Oct 5, 2014 at 3:21 PM, el kalin <ka...@el.net> wrote:

> ok.. this is getting a bit ridiculous…
>
> just did a brand new install of the freebsd 9.3 ami on amazon…
>
> with nothing installed on it and only ssh open i get the same result when
> scanning with openvas:
>
> "Summary:
> The remote host accepts loose source routed IP packets.
> The feature was designed for testing purpose.
> An attacker may use it to circumvent poorly designed IP filtering
> and exploit another flaw. However, it is not dangerous by itself.
> Solution:
> drop source routed packets on this host or on other ingress
> routers or firewalls."
>
> and by default:
> # sysctl -a | grep accept_sourceroute
> net.inet.ip.accept_sourceroute: 0
>
> thing is the other machine - the bsd 10 - was scanned with the same
> openvas setup and with a service called hackerguardian offered by a company
> called comodo. they sell that service as a pci compliance scan. both
> machines are non compliant according to both the openvas scan and the
> hackerguardian one…
>
> i can't be done with this job if i can't pass the pci scan…
>
> i'd appreciate any help…
>
> thanks...
>
> now what?
>
> On Sun, Oct 5, 2014 at 1:09 PM, el kalin <ka...@el.net> wrote:
>
>> thanks brandon… but that didn't help….
>>
>> i still get the same result…
>>
>> i guess i'd report this as a bug…
>>
>> On Sun, Oct 5, 2014 at 11:58 AM, Brandon Vincent <brandon.vinc...@asu.edu> wrote:
>>
>>> On Sun, Oct 5, 2014 at 8:33 AM, el kalin <ka...@el.net> wrote:
>>> > should i submit this as a bug?
>>>
>>> Can you first try adding "set block-policy return" to pf.conf? OpenVAS
>>> might be assuming that a lack of response from your system to source
>>> routed packets is an acknowledgement that it is accepting them.
>>>
>>> Brandon Vincent

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"