[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ISSForum] Request to interrupt Internet Scanner on long scan?



Gary

See answers below.

Jean Paul

-----Original Message-----
From: Gary Love [mailto:garylove@xxxxxxxx] 
Sent: Thursday, November 18, 2004 9:38 PM
To: issforum@xxxxxxxxxxxxxxxx
Cc: Ballerini, Jean Paul (ISS EMEA)
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long
scan?

I've submitted a couple of enhancement requests.  I'm wondering if
they've
been incorporated in the next release:

Enhancement ID: 418
Product: ISFSWS (Internet Scanner)
"During scan, when target hosts are shut down or taken off line, scanner
doesn't detect and continues scanning.  Scanning slows down to a crawl
as
each check has to time out.   It would be nice if there was some kind of
a
"heartbeat" ping that could alert console window that target host can no
longer be pinged."

Have not received Enhancement ID on this one:
3 related problems:
1) When a host is scanned and no vulnerabilities are found, the report
that gets generated treats such a host as if it were not scanned.  No
mention is made of it such as "Host XYZ was not found to be vulnerable
for
any of the selected checks".

[Jean Paul Ballerini (ISS EMEA)] We only show vulnerable hosts in our
scans. We do not show not vulnerable hosts. However, you would see them
in user reports or Operating system reports

2) When a host is supposed to be scanned but is unreachable, the report
doesn't mention that this occurred.

[Jean Paul Ballerini (ISS EMEA)] You can scan a host list but if it is
unreachable the only place you will see it is in the OS reports.

3) When a host is reachable and scanned but a firewall has blocked some
of
the ports, the report doesn't mention that this has occurred.

[Jean Paul Ballerini (ISS EMEA)] Scanner does not know what ports your
firewall is blocking and will report what responses it gets back from
the target host. As a matter of scanning procedure we recommend and
iterative approach to scanning to take into consideration hosts that are
offline during any particular scan.

As a result, when we scan several hosts at a time, and then review the
report, it is hard to tell if the absence of data on host XYZ means
there
were no vulnerabilities or if XYZ wasn't reachable. This has the
potential
of causing a vulnerable but off-line host to be missed.


Gary Love garylove@xxxxxxxx
SAIC Enterprise Security Solutions

-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx] On
Behalf
Of Ballerini, Jean Paul (ISS EMEA)
Sent: Thursday, November 18, 2004 5:33 AM
To: McCash, John; issforum@xxxxxxxxxxxxxxxx
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long
scan?


Yes.
And there will be a progress bar.

Jean Paul

-----Original Message-----
From: issforum-bounces@xxxxxxxxxxxxxxxx On Behalf Of McCash, John
Sent: Wednesday, November 17, 2004 7:19 PM
To: issforum@xxxxxxxxxxxxxxxx
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long
scan?

I'm interested in this as well. Will we be able to manage it through the
siteprotector console?
		Thanks
			John McCash

-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx] On
Behalf
Of Ballerini, Jean Paul (ISS EMEA)
Sent: Wednesday, November 17, 2004 2:09 AM
To: Dan Widger; issforum@xxxxxxxxxxxxxxxx
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long
scan?

This is coming in SP2 for Internet Scanner in February.

Jean Paul

-----Original Message-----
From: issforum-bounces@xxxxxxxxxxxxxxxx On Behalf Of Dan Widger
Sent: Monday, November 15, 2004 7:50 PM
To: issforum@xxxxxxxxxxxxxxxx
Subject: [ISSForum] Request to interrupt Internet Scanner on long scan?

Is there any means to enable whole ISS system, or any combination of the
parts of the ISS Scanner, to start a vulnerability scan, then <pause> a
scan, and then continue?



What I have in mind is a long scan that can only be run from Time:Start
(e.g. 2 a.m.) to Time:End on (4 a.m.), and to pick up where it left off
at
and the next Time:Start, in a continuous cycle, until the scan is done?



Dan Widger

Security Engr

713\892-3471

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

------------------------------------------------------------------------
------------------------
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information.
If you have received it in error, please notify the sender immediately
and
delete the original.  Any unauthorized use of this email is prohibited.
------------------------------------------------------------------------
------------------------
[mf2]

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.