SP2 and Vulnerability Scanners

[Nancy Kafer]

I'm not sure which group to post this to, thus the cross-posting.

I am getting ready to upgrade my laptop to Windows XP (from Win 2K
Professional). However, one thing that is keeping me from performing the
upgrade is the fact that from everything I've read SP2 breaks vulnerability
scanners because of the Internet Firewall. We have contacted one of our
vendors and they have told us that vulnerability scanners will not work with
SP2 because the Internet Firewall closes ports necessary for scanners to
run. We have tried turning off the firewall to test but the scanner still
won't work.

Has anyone successfully used a vulnerability scanner with SP2? If so, what
scanner are you using and what tweaks (if any) did you have to do perform to
get the scanner to work?

Thanks.

Nancy

 

[Matt Gibson]

I've used nmap and retina with no problems.

Which scanner are you having a problem with?

Remember, the XP2 firewall does NOT block outbound packets.

Matt Gibson - GSEC

 

[Nancy Kafer]

We have Foundstone's scanner on one machine. I use Nessus (installed on a
Linux VMWare machine), N-Stealth and nmap.

 

[Matt Gibson]

And all those are having problems?

Matt Gibson - GSEC

 

[Sean Massey]

I'm not sure which group to post this to, thus the cross-posting.

I am getting ready to upgrade my laptop to Windows XP (from Win 2K
Professional). However, one thing that is keeping me from performing the
upgrade is the fact that from everything I've read SP2 breaks vulnerability
scanners because of the Internet Firewall. We have contacted one of our
vendors and they have told us that vulnerability scanners will not work with
SP2 because the Internet Firewall closes ports necessary for scanners to
run. We have tried turning off the firewall to test but the scanner still
won't work.

If you have a different firewall that you already use and you know works
with your vulnerability scanners, you can always turn the Windows
Internet Firewall off.

 

[Robert Moir]

We have
contacted one of our vendors and they have told us that vulnerability
scanners will not work with SP2 because the Internet Firewall closes
ports necessary for scanners to run. We have tried turning off the
firewall to test but the scanner still won't work.

If you turn the firewall off then clearly it can't be causing you any
problems. Any problems you encounter after switching off the firewall are
caused by something else.


--

 

[Nancy Kafer]

We haven't actually tested Nessus or N-Stealth yet. We talked to Foundstone
and they told us their scanner wouldn't work because of the way SP2 firewall
works. Basically this question came up when our other network administrator
was setting up his new laptop. We didn't have any issues prior to this
because the laptops with these scanners installed were both Win 2000
Professional. I want to make sure we'll still be able to use our
vulnerability scanning software before I upgrade my machine to Win XP SP2.

 

[Robert Moir]

We haven't actually tested Nessus or N-Stealth yet. We talked to
Foundstone and they told us their scanner wouldn't work because of
the way SP2 firewall works. Basically this question came up when our
other network administrator was setting up his new laptop. We didn't
have any issues prior to this because the laptops with these scanners
installed were both Win 2000 Professional. I want to make sure we'll
still be able to use our vulnerability scanning software before I
upgrade my machine to Win XP SP2.

Are they the people who are claiming that the firewall still kills their
product even when its switched off?

 

[Philippe L. Balmanno]

When I tried cox communications security software it had a problem with SP2
firewall. I had kept my previous firewall (sygate), AV etc... and those two
(SP2 & sygate) have no conflicts.