-------------------------------------------------------------------------------- Scan Levels The preset scan levels determine which scans are performed. Light Scan No checks for vulnerabilities are selected; hosts are only scanned for available services. - unauthorized access - access denied - not found - error - unknown - has moved - sorry - illegal request - password - x-sender - incorrect - not a valid - try again - transfer interrupted Medium Scan This scan performs all the checking of the light scan plus: - NFS Exports - NFS Portmapper Export Check - RPC Rexd Check - RPC Wall Check - RPC Selection_svc Check - RPC Admind Check - RPC Boot Param Check - RPC X25 Check - RPC SNMP Check - RPC NIS Check - RPC Rstat Check - Sendmail Remote Execution Check - Sendmail Identd Check - FTP Site Exec Check - Rlogin Check - Rsh Check - TFTP Checks - HTTP Check - X Window System Check - Password File Grab Option Heavy Scan This scan performs all the checking of the medium scan plus: - Scan Always option is enabled - Scan RPC/UDP as Backup Option is enabled - NFS CD Bug Check - NFS Mknod Check - RPC Full Domain Guess - Sendmail Aliases Check - FTP MkDir Check - FTP CD Bug Check - FTP Writeability of all Files Check - Default RSH Check - Default Miscellaneous Check - Default UNIX Check - Default Login Names Check - Finger Checks - Ruser Checks Full Scan This scan performs all the checking of the heavy scan plus: - Scan RPC/UDP Always Option is enabled - NFS/Sun filehandle Guess Check - Sendmail Wizard Backdoor Check - Sendmail Debug mode Check - Default FTP Check - Default Rexec Check - Default Telnet Check - Default VMS Check - Default Real Names Check - Default Backward Option Enabled - Finger Names Check - UDP Bomb Attack Check -------------------------------------------------------------------------------- Running a Scan From the Command Line The scan engine binary is called iss. The command line syntax is: iss [-a [hosts]] [-b] [-c config_file] [-k key_file] [-o output_file] [-t host_file] [-v] [ranges] Parameters: -a shows licensing information. Include the literal hosts to show which hosts are currently registered. -b runs the scan in the background. -c config_file specifies the configuration file to use. (Default: iss.config) -k key_file specifies the key file to use. (Default: iss.key) -o output_file directs output to specified file. (Default: Standard Output) -t host_file scans using this host file. -v turns off verbose mode. ranges represents a comma separated list of individual hosts and host ranges or names. Example: 127.0.0.5, 127.10.10.7-127.10.10.25 Command line options override any settings in the configuration file if it is specified. The output file you specify will later be used by the analyzer to generate several different reports for you to use. Once the scan is completed, you need to run the Analyzer. -------------------------------------------------------------------------------- Using Listdomain In order to generate a list of machines in your network, a script called listdomain is included with SAFEsuite. This script allows you to easily grab the whole list of machines from the name server and put them in a file that the SAFEsuite engine can easily read using the -t (host file) option. Syntax: listdomain [-hostinfo] [-norecurse] [-altformat] domain_name Options: -hostinfo lists machine host information for the domain. Domain Name Server must have host information included. -norecurse does not recurse subnets of domain_name. -altformat uses an alternative format in the output file. The alternative format is: host ip#. The default format is: ip# host.domain. Here is an example of the output of file insecure.net: ### Domain insecure.net 256.1.1.1 hosta.insecure.net 256.1.1.2 hostb.insecure.net 256.1.1.3 hostc.insecure.net 256.1.1.4 hostd.insecure.net 256.0.0.1 localhost.insecure.net 256.1.1.5 hostf.insecure.net Output is written to a file with the same name as the domain scanned, such as insecure.net. --------------------------------------------------------------------------------