NeWT Security Scanner

PC Magazine had an article about this FREE security scanner. It will scan your
entire home network and give you some interesting information about security
holes and other weaknesses. Per the PCMag article it can also scan from outside
the network but that didn't work for me when I entered my WAN IP. (PC Magazine
printed version)
The free version is for "local networks only" (Class C)
www.tenablesecurity.com/products/newt.shtml
It is much more powerful than the free Microsoft security utility.

DanR wrote:
> PC Magazine had an article about this FREE security scanner. It will scan your
> entire home network and give you some interesting information about security
> holes and other weaknesses. Per the PCMag article it can also scan from outside
> the network but that didn't work for me when I entered my WAN IP. (PC Magazine
> printed version)
> The free version is for "local networks only" (Class C)
> www.tenablesecurity.com/products/newt.shtml
> It is much more powerful than the free Microsoft security utility.
>
>
>


NeWT is a windows version of Nessus the free version will only scan your
class C

If you want to scan outside of your Class C, buy a copy of NeWT or use
Nessus (*nix).

<http://www.nessus.org/>


Microsofts scanner can provide a great deal of useful info but is most
useful when you have admin rights to the machine

<http://www.microsoft.com/technet/security/tools/mbsahome.mspx>


John

John Mason Jr wrote:
> DanR wrote:
>> PC Magazine had an article about this FREE security scanner. It will scan
>> your entire home network and give you some interesting information about
>> security holes and other weaknesses. Per the PCMag article it can also scan
>> from outside the network but that didn't work for me when I entered my WAN
>> IP. (PC Magazine printed version)
>> The free version is for "local networks only" (Class C)
>> www.tenablesecurity.com/products/newt.shtml
>> It is much more powerful than the free Microsoft security utility.
>>
>>
>>
>
>
> NeWT is a windows version of Nessus the free version will only scan your
> class C
>
> If you want to scan outside of your Class C, buy a copy of NeWT or use
> Nessus (*nix).
>
> <http://www.nessus.org/>
>
>
> Microsofts scanner can provide a great deal of useful info but is most
> useful when you have admin rights to the machine
>
> <http://www.microsoft.com/technet/security/tools/mbsahome.mspx>
>
>
> John

John, have you ever had NeWT on any of your computers? I am running a virus scan
of my computer for the first time since loading the NeWT program. It is taking
hours and hours to get through the \plugins\scripts folder. There are over 8,000
small files in that folder but the real problem is that it is taking Norton AV
2004 over a minute per file. That's about 5.5 days to get through that folder. I
noticed when I downloaded the setup file that Norton AV was taking forever to
scan the incoming file and I had to "skip" that scan. Just curious about this.

On Tue, 05 Jul 2005 06:13:42 GMT, "DanR" <(E-Mail Removed)> wrote:

>John, have you ever had NeWT on any of your computers? I am running a virus scan
>of my computer for the first time since loading the NeWT program. It is taking
>hours and hours to get through the \plugins\scripts folder. There are over 8,000
>small files in that folder but the real problem is that it is taking Norton AV
>2004 over a minute per file. That's about 5.5 days to get through that folder. I
>noticed when I downloaded the setup file that Norton AV was taking forever to
>scan the incoming file and I had to "skip" that scan. Just curious about this.

8000 files? I count 1227 files in:
c:\program files\tenable\newt\plugins\scripts\
It took AVG Free virus scanner about 15 seconds to scan all of them.
I did a plugin update first to be sure I didn't miss any.
Where did you find 8000 plugins?

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Jeff Liebermann wrote:
> On Tue, 05 Jul 2005 06:13:42 GMT, "DanR" <(E-Mail Removed)> wrote:
>
>> John, have you ever had NeWT on any of your computers? I am running a virus
>> scan of my computer for the first time since loading the NeWT program. It is
>> taking hours and hours to get through the \plugins\scripts folder. There are
>> over 8,000 small files in that folder but the real problem is that it is
>> taking Norton AV 2004 over a minute per file. That's about 5.5 days to get
>> through that folder. I noticed when I downloaded the setup file that Norton
>> AV was taking forever to scan the incoming file and I had to "skip" that
>> scan. Just curious about this.
>
> 8000 files? I count 1227 files in:
> c:\program files\tenable\newt\plugins\scripts\
> It took AVG Free virus scanner about 15 seconds to scan all of them.
> I did a plugin update first to be sure I didn't miss any.
> Where did you find 8000 plugins?

I downloaded the NeWT program a couple of weeks ago from
www.tenablesecurity.com/products/newt.shtml
Had to fill out form, wait for email with access code to plugins, then get
program. After installing the program it asked if I wanted to do an update (I
think plug-in update) which I did. That is when the 8,000 files came streaming
in.
I did some testing today. The file plugin.tar.ge (size 3,242KB) in the plugins
folder takes forever for my NAV to scan. Apparently this is a compressed zip
like file. (many files within one file) I gave up after half hour or so. NAV
quickly scanned 6,500 of the files then slowly got to 6,800 but I aborted. (I
have NAV set to scan within compressed files) I copied this file to another
computer with AVG Free and it scanned it in a second. But only saw it as one
file.
Now here is something even more strange. There is ONE file in the scripts folder
that seems to literally take forever for NAV to scan. It is not large and as of
now (still running on another computer) NAV has been scanning it for almost 4
hours. It has slowly scanned 188 files within that file. There is constant disk
activity. I'm afraid to even mention the name here on this public group because
it might be a denial of service type file. I have more details on this file and
can post them here if you think that is OK or email to directly at the address
at the bottom of your posts.

DanR wrote:
> Jeff Liebermann wrote:
>
>>On Tue, 05 Jul 2005 06:13:42 GMT, "DanR" <(E-Mail Removed)> wrote:
>>
>>
>>>John, have you ever had NeWT on any of your computers? I am running a virus
>>>scan of my computer for the first time since loading the NeWT program. It is
>>>taking hours and hours to get through the \plugins\scripts folder. There are
>>>over 8,000 small files in that folder but the real problem is that it is
>>>taking Norton AV 2004 over a minute per file. That's about 5.5 days to get
>>>through that folder. I noticed when I downloaded the setup file that Norton
>>>AV was taking forever to scan the incoming file and I had to "skip" that
>>>scan. Just curious about this.
>>
>>8000 files? I count 1227 files in:
>> c:\program files\tenable\newt\plugins\scripts\
>>It took AVG Free virus scanner about 15 seconds to scan all of them.
>>I did a plugin update first to be sure I didn't miss any.
>>Where did you find 8000 plugins?
>
>
> I downloaded the NeWT program a couple of weeks ago from
> www.tenablesecurity.com/products/newt.shtml
> Had to fill out form, wait for email with access code to plugins, then get
> program. After installing the program it asked if I wanted to do an update (I
> think plug-in update) which I did. That is when the 8,000 files came streaming
> in.
> I did some testing today. The file plugin.tar.ge (size 3,242KB) in the plugins
> folder takes forever for my NAV to scan. Apparently this is a compressed zip
> like file. (many files within one file) I gave up after half hour or so. NAV
> quickly scanned 6,500 of the files then slowly got to 6,800 but I aborted. (I
> have NAV set to scan within compressed files) I copied this file to another
> computer with AVG Free and it scanned it in a second. But only saw it as one
> file.
> Now here is something even more strange. There is ONE file in the scripts folder
> that seems to literally take forever for NAV to scan. It is not large and as of
> now (still running on another computer) NAV has been scanning it for almost 4
> hours. It has slowly scanned 188 files within that file. There is constant disk
> activity. I'm afraid to even mention the name here on this public group because
> it might be a denial of service type file. I have more details on this file and
> can post them here if you think that is OK or email to directly at the address
> at the bottom of your posts.
>
>
>


I've noticed some slowness in scanning the NeWT folder, I'll try some
tests to try to determine the cause. WHen I can get some more data I'll
forward it to Tenable.


John

John Mason Jr wrote:
> DanR wrote:
>> Jeff Liebermann wrote:
>>
>>> On Tue, 05 Jul 2005 06:13:42 GMT, "DanR" <(E-Mail Removed)> wrote:
>>>
>>>
>>>> John, have you ever had NeWT on any of your computers? I am running a virus
>>>> scan of my computer for the first time since loading the NeWT program. It
>>>> is taking hours and hours to get through the \plugins\scripts folder.
>>>> There are over 8,000 small files in that folder but the real problem is
>>>> that it is taking Norton AV 2004 over a minute per file. That's about 5.5
>>>> days to get through that folder. I noticed when I downloaded the setup
>>>> file that Norton AV was taking forever to scan the incoming file and I had
>>>> to "skip" that scan. Just curious about this.
>>>
>>> 8000 files? I count 1227 files in:
>>> c:\program files\tenable\newt\plugins\scripts\
>>> It took AVG Free virus scanner about 15 seconds to scan all of them.
>>> I did a plugin update first to be sure I didn't miss any.
>>> Where did you find 8000 plugins?
>>
>>
>> I downloaded the NeWT program a couple of weeks ago from
>> www.tenablesecurity.com/products/newt.shtml
>> Had to fill out form, wait for email with access code to plugins, then get
>> program. After installing the program it asked if I wanted to do an update (I
>> think plug-in update) which I did. That is when the 8,000 files came
>> streaming in.
>> I did some testing today. The file plugin.tar.ge (size 3,242KB) in the
>> plugins folder takes forever for my NAV to scan. Apparently this is a
>> compressed zip like file. (many files within one file) I gave up after half
>> hour or so. NAV quickly scanned 6,500 of the files then slowly got to 6,800
>> but I aborted. (I have NAV set to scan within compressed files) I copied
>> this file to another computer with AVG Free and it scanned it in a second.
>> But only saw it as one file.
>> Now here is something even more strange. There is ONE file in the scripts
>> folder that seems to literally take forever for NAV to scan. It is not large
>> and as of now (still running on another computer) NAV has been scanning it
>> for almost 4 hours. It has slowly scanned 188 files within that file. There
>> is constant disk activity. I'm afraid to even mention the name here on this
>> public group because it might be a denial of service type file. I have more
>> details on this file and can post them here if you think that is OK or email
>> to directly at the address at the bottom of your posts.
>>
>>
>>
>
>
> I've noticed some slowness in scanning the NeWT folder, I'll try some
> tests to try to determine the cause. WHen I can get some more data I'll
> forward it to Tenable.
>
>
> John

I've done some more research and it looks like DoS.

DanR wrote:
> John Mason Jr wrote:
>
>>DanR wrote:
>>
>>>Jeff Liebermann wrote:
>>>
>>>
>>>>On Tue, 05 Jul 2005 06:13:42 GMT, "DanR" <(E-Mail Removed)> wrote:
>>>>
>>>>
>>>>
>>>>>John, have you ever had NeWT on any of your computers? I am running a virus
>>>>>scan of my computer for the first time since loading the NeWT program. It
>>>>>is taking hours and hours to get through the \plugins\scripts folder.
>>>>>There are over 8,000 small files in that folder but the real problem is
>>>>>that it is taking Norton AV 2004 over a minute per file. That's about 5.5
>>>>>days to get through that folder. I noticed when I downloaded the setup
>>>>>file that Norton AV was taking forever to scan the incoming file and I had
>>>>>to "skip" that scan. Just curious about this.
>>>>
>>>>8000 files? I count 1227 files in:
>>>> c:\program files\tenable\newt\plugins\scripts\
>>>>It took AVG Free virus scanner about 15 seconds to scan all of them.
>>>>I did a plugin update first to be sure I didn't miss any.
>>>>Where did you find 8000 plugins?
>>>
>>>
>>>I downloaded the NeWT program a couple of weeks ago from
>>>www.tenablesecurity.com/products/newt.shtml
>>>Had to fill out form, wait for email with access code to plugins, then get
>>>program. After installing the program it asked if I wanted to do an update (I
>>>think plug-in update) which I did. That is when the 8,000 files came
>>>streaming in.
>>>I did some testing today. The file plugin.tar.ge (size 3,242KB) in the
>>>plugins folder takes forever for my NAV to scan. Apparently this is a
>>>compressed zip like file. (many files within one file) I gave up after half
>>>hour or so. NAV quickly scanned 6,500 of the files then slowly got to 6,800
>>>but I aborted. (I have NAV set to scan within compressed files) I copied
>>>this file to another computer with AVG Free and it scanned it in a second.
>>>But only saw it as one file.
>>>Now here is something even more strange. There is ONE file in the scripts
>>>folder that seems to literally take forever for NAV to scan. It is not large
>>>and as of now (still running on another computer) NAV has been scanning it
>>>for almost 4 hours. It has slowly scanned 188 files within that file. There
>>>is constant disk activity. I'm afraid to even mention the name here on this
>>>public group because it might be a denial of service type file. I have more
>>>details on this file and can post them here if you think that is OK or email
>>>to directly at the address at the bottom of your posts.
>>>
>>>
>>>
>>
>>
>>I've noticed some slowness in scanning the NeWT folder, I'll try some
>>tests to try to determine the cause. WHen I can get some more data I'll
>>forward it to Tenable.
>>
>>
>>John
>
>
> I've done some more research and it looks like DoS.
>
>
>

Looks like a bug in the handling of compressed files by Norton


John

John Mason Jr wrote:
> DanR wrote:
>> John Mason Jr wrote:
>>
>>> DanR wrote:
>>>
>>>> Jeff Liebermann wrote:
>>>>
>>>>
>>>>> On Tue, 05 Jul 2005 06:13:42 GMT, "DanR" <(E-Mail Removed)> wrote:
>>>>>
>>>>>
>>>>>
>>>>>> John, have you ever had NeWT on any of your computers? I am running a
>>>>>> virus scan of my computer for the first time since loading the NeWT
>>>>>> program. It is taking hours and hours to get through the
>>>>>> \plugins\scripts folder. There are over 8,000 small files in that folder
>>>>>> but the real problem is that it is taking Norton AV 2004 over a minute
>>>>>> per file. That's about 5.5 days to get through that folder. I noticed
>>>>>> when I downloaded the setup file that Norton AV was taking forever to
>>>>>> scan the incoming file and I had to "skip" that scan. Just curious about
>>>>>> this.
>>>>>
>>>>> 8000 files? I count 1227 files in:
>>>>> c:\program files\tenable\newt\plugins\scripts\
>>>>> It took AVG Free virus scanner about 15 seconds to scan all of them.
>>>>> I did a plugin update first to be sure I didn't miss any.
>>>>> Where did you find 8000 plugins?
>>>>
>>>>
>>>> I downloaded the NeWT program a couple of weeks ago from
>>>> www.tenablesecurity.com/products/newt.shtml
>>>> Had to fill out form, wait for email with access code to plugins, then get
>>>> program. After installing the program it asked if I wanted to do an update
>>>> (I think plug-in update) which I did. That is when the 8,000 files came
>>>> streaming in.
>>>> I did some testing today. The file plugin.tar.ge (size 3,242KB) in the
>>>> plugins folder takes forever for my NAV to scan. Apparently this is a
>>>> compressed zip like file. (many files within one file) I gave up after half
>>>> hour or so. NAV quickly scanned 6,500 of the files then slowly got to 6,800
>>>> but I aborted. (I have NAV set to scan within compressed files) I copied
>>>> this file to another computer with AVG Free and it scanned it in a second.
>>>> But only saw it as one file.
>>>> Now here is something even more strange. There is ONE file in the scripts
>>>> folder that seems to literally take forever for NAV to scan. It is not
>>>> large and as of now (still running on another computer) NAV has been
>>>> scanning it for almost 4 hours. It has slowly scanned 188 files within
>>>> that file. There is constant disk activity. I'm afraid to even mention the
>>>> name here on this public group because it might be a denial of service
>>>> type file. I have more details on this file and can post them here if you
>>>> think that is OK or email to directly at the address at the bottom of your
>>>> posts.
>>>>
>>>>
>>>>
>>>
>>>
>>> I've noticed some slowness in scanning the NeWT folder, I'll try some
>>> tests to try to determine the cause. WHen I can get some more data I'll
>>> forward it to Tenable.
>>>
>>>
>>> John
>>
>>
>> I've done some more research and it looks like DoS.
>>
>>
>>
>
> Looks like a bug in the handling of compressed files by Norton
>
>
> John

Looks like a compression bomb to me. One quote from a site I found.
"maliciously coded compressed files such as '42.zip', a "ZIP archive, 42K,
composed of nested zips (nested 6 levels deep, each level 17 wide) - produces a
file 4GB in size"
The file I have in the "scripts" folder is named smtp_AV_42zip_DoS.nasl (121.KB)
NAV tried for 4 hours to scan this file and I finally aborted. I also suspect
this same file is imbedded within a file named plugin.tar.gz (size 3,242KB) In
earlier post I had typo in file extension. Apparently these files can cause
anti-virus programs to blow up. Say you email this file to a company that virus
checks all incoming email. Could cause problems.
I wasn't sure about talking about this here but this info is out there on the
WWW. See here:
http://cvsweb.hlfl.org/cgi-bin/cvswe....nasl?rev=1.10
John or Jeff... do you have these 2 files in your NeWT folders? Or was I just
lucky? When I tell NAV to exclude these 2 files the scan performs normally.
Also see this:
http://www.securityfocus.com/bid/3027/exploit/

On Tue, 05 Jul 2005 20:30:36 GMT, "DanR" <(E-Mail Removed)> wrote:

>I downloaded the NeWT program a couple of weeks ago from
>www.tenablesecurity.com/products/newt.shtml
>Had to fill out form, wait for email with access code to plugins, then get
>program. After installing the program it asked if I wanted to do an update (I
>think plug-in update) which I did. That is when the 8,000 files came streaming
>in.

Oops. I got interrupted and forgot to register. After I registered,
I got 8210 plugins. When I scanned the ..\plugin directory with AVG
Free 7.0.323, it took only about 2 minutes on my PIII-933 with 256MB
running W2KSP4. Methinks NAV is having a problem.

>I did some testing today. The file plugin.tar.ge (size 3,242KB) in the plugins
>folder takes forever for my NAV to scan.

It's ..\plugin\plugin.tar.gz and AVG Free takes about 2 seconds to
scan it. Probably because it's not scanning the files inside the
Gzipped archive. It's set to "scan inside archives" but apparently is
not scanning this one. Oh-oh.

So, I un-gzipped it to a 25.6MByte plugin.tar file and tried again.
Same thing. Takes about 2 seconds and claims it only scanned one
file. Aparently, Free AVG doesn't scan inside tar or tar.gz archives.

So, I created something that I knew it would scan. I took the 8210
files and conglomerated them into a 9.4MB ZIP file. AVG did scan the
8000 files inside the ZIP compressed archive in 1 min 30 seconds.
Methinks your NAV is busted. Any chance you have "Norton's
inoculation" feature turned on? That's where they run an MD5sum on
every file to see if it has been modified. That takes literally
forever inside compressed archives.

I'm not going to say anything about a company the delivers a product
that stores both the unarchived files, as well as the compressed
archives. I guess diskspace and bloat are not an issue.

>Apparently this is a compressed zip
>like file. (many files within one file) I gave up after half hour or so. NAV
>quickly scanned 6,500 of the files then slowly got to 6,800 but I aborted. (I
>have NAV set to scan within compressed files) I copied this file to another
>computer with AVG Free and it scanned it in a second. But only saw it as one
>file.

Yep. Exactly as I described above. Not good either way.

When I scan with Free AVG just the ..\plugin\scripts\ directory, it
only takes about 2 minutes.

>Now here is something even more strange. There is ONE file in the scripts folder
>that seems to literally take forever for NAV to scan. It is not large and as of
>now (still running on another computer) NAV has been scanning it for almost 4
>hours. It has slowly scanned 188 files within that file. There is constant disk
>activity. I'm afraid to even mention the name here on this public group because
>it might be a denial of service type file. I have more details on this file and
>can post them here if you think that is OK or email to directly at the address
>at the bottom of your posts.

Sure. Feel free to email. This is interesting. However, don't
expect an instant reply. I just spent part of the day on an 80ft
tower and really feel the traditional aches and pains.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558