hi all…
i'm setting up a freebsd 10 on aws (amazon) to be as secure as possible…
i used openvas to scan it and pretty much everything is fine except this:
"The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent p
0
net.inet.ip.accept_sourceroute: 0
in /etc/defaults/rc.conf:
forward_sourceroute="NO"
accept_sourceroute="NO"
what am i missing? this is pretty important….
thanks…..
On Sat, Oct 4, 2014 at 11:46 PM, el kalin wrote:
>
> hi all…
>
> i'm setting up a fr
should i submit this as a bug?
On Sun, Oct 5, 2014 at 2:04 AM, el kalin wrote:
> hi again… i have disabled the icmp pings… same result...
>
> currently:
>
> /etc/pf.conf:
>
> tcp_in = "{ www, https }"
> udp = "{ domain, ntp, snmp }"
>
thanks brandon… but that didn't help….
i still get the same result…
i guess i'd report this as a bug…
On Sun, Oct 5, 2014 at 11:58 AM, Brandon Vincent wrote:
> On Sun, Oct 5, 2014 at 8:33 AM, el kalin wrote:
> > should i submit this as a bug?
>
> Can you first try
o both the openvas scan and the hackerguardian
one…
i can't be done with this job if i can't pass the pci scan…
i'd appreciate any help…
thanks...
now what?
On Sun, Oct 5, 2014 at 1:09 PM, el kalin wrote:
> thanks brandon… but that didn't help….
>
> i sti
y a company
> called comodo. they sell that service as a pci compliance scan. both
> machines are non compliant according to both the openvas scan and the
> hackerguardian one…
>
> i can't be done with this job if i can't pass the pci scan…
>
> i'd appreciate an
t.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0
>
> On 5 October 2014 13:22, el kalin wrote:
> > hmmm… could it be openvas?!
>
> OpenVAS is a fork of Nessus from when it was open source.
> HackerGuardian seems to use Nessus as the chief scanning engine.
i'm aware