Filtering with N.S.S. 8.0
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
Filtering with N.S.S. 8.0 - 9.Apr.2008 1:20:48 PM
|
|
|
ed gallagher
Posts: 3
Joined: 3.Mar.2006
Status: offline
|
I setup a scan to look for open ports which works fine, but I want to be able to filter so that I ONLY see suspicious ports i.e. ports that are not open by default like 139, 445 or 3389. Is there a way to setup a filter to show all open ports except for these?
thanks
|
|
|
|
|
RE: Filtering with N.S.S. 8.0 - 15.Apr.2008 2:38:14 AM
|
|
|
Sven Berger
Posts: 184
Joined: 25.Feb.2008
Status: offline
|
Hi ed,
i think the problem here is the definition of "suspicious". Depending on the OS and the role that the machine is used for, there can be many more open ports than just "open by default" ones.
You COULD create a scanning profile that would only scan for those ports that are not open by default, but since there is currently no way to invert a selection of the port scanner (would be nice to have though, I feel another feature request coming on...) I'd suggest the following:
- run a complete port scan. This will return a list of all the open ports. Most of them are hopefully known to you as legitimate.
- create a new scanning profile based on the complete port scan and UNSELECT those that you know are legitimately open ports in your network. This way, such a scan will only ever return open Ports that you don't know as being "kosher".
_____________________________
Sven Berger
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: Filtering with N.S.S. 8.0 - 28.Apr.2008 2:46:13 PM
|
|
|
kderenard
Posts: 3
Joined: 28.Apr.2008
Status: offline
|
I am trying to run a scan that looks for shares with the "everyone" group. But if create a new filter and try to filter it by one of the choices I get no results, when I know the scan has some shares with everyone. Any ideas?
|
|
|
|
|
RE: Filtering with N.S.S. 8.0 - 28.Apr.2008 3:18:20 PM
|
|
|
DrewE
Posts: 163
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
Could you please let us know what filter criteria you are using to to perform this check? Also, does GFI Languard Network Security Scanner accurately detect the shares without the filtering criteria?
_____________________________
Drew Easley - Technical Support Representative
GFI Software - www.gfi.com
|
|
|
|
|
RE: Filtering with N.S.S. 8.0 - 28.Apr.2008 3:24:11 PM
|
|
|
kderenard
Posts: 3
Joined: 28.Apr.2008
Status: offline
|
Sure, I created a new filter under Results Filtering and for the Conditions I added where Group Is found 'Everyone'. That is the only Querie listed in the filter. If I remove it I get the full report including all the shares with and without Everyone.
|
|
|
|
|
RE: Filtering with N.S.S. 8.0 - 28.Apr.2008 4:08:34 PM
|
|
|
DrewE
Posts: 163
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
The group criteria that you are using can only search if a certain group is found on the remote computer. Currently, it cannot be used to search the groups that a share can access. There is currently no filter criteria which allows you to search on which groups are allowed access to shares.
_____________________________
Drew Easley - Technical Support Representative
GFI Software - www.gfi.com
|
|
|
|
|
RE: Filtering with N.S.S. 8.0 - 28.Apr.2008 4:12:04 PM
|
|
|
kderenard
Posts: 3
Joined: 28.Apr.2008
Status: offline
|
That stinks. Seems like a simple enough request.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
