Everhart, Glenn
From:	Huger, Alfred [Alfred_Huger@NAI.COM]
Sent:	Thursday, February 11, 1999 1:07 PM
To:	BUGTRAQ@NETSPACE.ORG
Subject:	Re: ISS Internet Scanner Cannot be relied upon for conclusive Aud its
> -----Original Message-----
> From:	Casper Dik [SMTP:casper@HOLLAND.SUN.COM]
> Sent:	Tuesday, February 09, 1999 2:03 PM
> To:	BUGTRAQ@netspace.org
> Subject:	Re: ISS Internet Scanner Cannot be relied upon for
> conclusive Audits
>
> >Consider another interesting case - there are several sendmail exploits
> >(circa 8.6) which require hardware and platform-specific eggs.  We
> >obviously would have a hard time actually implementing these, and it
> would
> >be very difficult to make it reliable - so we do a banner check.
>
> Why do you need an egg?  Just stuffing down too much data down
> sendmail's throat will make it crash.  Connection closed - has bug.
>
>
	In fact this is precisely what CyberCop Scanner from NAI does when
checking buffer overflows in sendmail and elsewhere. FYI there was recently
a product review done on a 'head-to-head' basis between ISS's Scanner and
CyberCop Scanner. It may be worth the read given this thread.
http://www.infoworld.com/cgi-bin/displayTC.pl?/990208comp.htm