Vulnerability assessment glitches and notes

• some vulnerability checks cause inadvertent denial-of-service
• can happen even if the target has a standard configuration
• nonstandard configuration: account lockout after failed login
• do we notify the system owner if exploit "probably" failed?
  • when we try exploit, their server goes away (core dump?)
  • for same exploit, many other machines give a root shell
  • are they actually running a non-vulnerable server version?
  • are they vulnerable to a modified version of the exploit?
  • we lack resources for notification of unconfirmed problems
• vulnerability checks thwarted by a personal firewall
  • (we don't forbid personal firewalls and may encourage them)
  • firewall sees one exploit and shuns all IP traffic from us
  • might be followed by false negatives on other exploit tries
  • they're vulnerable to attack that tries correct exploit first

Copyright 2000, Massachusetts Institute of Technology. All rights reserved.