Mar 6, 2003

I've been playing around with Nessus. Boy, can you get a lot of false positives with it, but it's fun to play with. You really need to know a little about what you're doing; for example, it finds a flaw in my anonymous-only OpenBSD ftpd(8) that got patched nearly 2 years ago, so a report can easily appear unnecessarily alarmist. That said, there are probably many unpatched servers left on the Internet ...

Apart from that I'm reading "Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition" by William R. Cheswick, Steven M. Bellovin and Aviel D. Rubin. It is very good.

Last edited: May 1, 2016