--On December 19, 2008 11:32:51 PM -0600 Richard Yang
<kusanagiy...@gmail.com> wrote:
hi,
when i ran nessus against my bsd box, nessus can detect "the remote host
is
up".
i don't understand how nessus can detect it...
does anyone know how it is done?
thanx
There are several ways to detect if a host is up. Responses to icmp
packets is one. Almost all hosts will respond to pings unless they're
prevented by a firewall.
Another way is the type of response to a probe of a port. Sometimes
services will respond differently if they're firewalled than if they're
not listening on a particular port. Also, very few computers have no
ports at all listening. For example, most unix boxes will be running
syslogd and listening on port udp/514. That is the default for that
daemon. Unless you reconfigured syslogd to listen on localhost only, it
will respond to probes.
Sometimes a host will respond to a problem with RSETs. It's very, very
hard to configure a box in such a way that it's impossible to detect that
it's up and running.
Run sockstat and look at what's listening on your computer. Then see if
you can figure out how to get it to stop listening on those ports.
Paul Schmehl (pa...@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
