Footprints

The following footprints are generated by Internet Scanner during a scan:

Footprint Location

Description

Internet Scanner main windowNew Session Wizard - Specify Hosts dialog box

If you select Ping all valid hosts in your key range when you are configuring a scan, Internet Scanner generates a footprint with the string ISSPNGRQ followed by the program requests. This footprint also occurs immediately before scanning the host. RealSecure can pick up this footprint and use the information in the footprint to identify the scanning host, the version of Internet Scanner you are running, and the key number you are using.

Policy EditorCommon SettingsNT Logon Sessions

The popup message sent by Internet Scanner contains the IP address of the scanning host, the login name of the user running the scan, and the license number for Internet Scanner. You can disable this message by clearing the check box in the Policy Editor.

To disable the popup message, follow these steps:

From the Internet Scanner main window, select PolicyEdit to select the policy that you want to edit.

Double-click the policy icon and click OK to display the Policy Editor.

In the Policy Editor, go to the folder tree and select Common SettingsNT Logon Sessions.

Clear the Send Message check box.

Go to PolicySave to save the policy’s settings.

Policy EditorVulnerabilitiesE-mail

The SMTP exploits will attempt to send a VRFY command identifying the operative license number, using VRFY X@ISS, where X replaces the license number. You may be able to disable this footprint by disabling the SMTP exploits. Also, if the scanned host is not running an SMTP server, a connection to the port will not be established and the footprint will not be sent.

Policy EditorVulnerabilitiesWeb Scan

The Web Scan exploits will leave a characteristic footprint by asking for the file Internet_Security_Scanner-Scanned_from_key_X, where X is the license key number. This footprint occurs if you have enabled the Web Scan exploits and the remote host is running the Web server.

Footprint Location	Description
Internet Scanner main windowNew Session Wizard - Specify Hosts dialog box	If you select Ping all valid hosts in your key range when you are configuring a scan, Internet Scanner generates a footprint with the string ISSPNGRQ followed by the program requests. This footprint also occurs immediately before scanning the host. RealSecure can pick up this footprint and use the information in the footprint to identify the scanning host, the version of Internet Scanner you are running, and the key number you are using.
Policy EditorCommon SettingsNT Logon Sessions	The popup message sent by Internet Scanner contains the IP address of the scanning host, the login name of the user running the scan, and the license number for Internet Scanner. You can disable this message by clearing the check box in the Policy Editor. To disable the popup message, follow these steps: From the Internet Scanner main window, select PolicyEdit to select the policy that you want to edit. Double-click the policy icon and click OK to display the Policy Editor. In the Policy Editor, go to the folder tree and select Common SettingsNT Logon Sessions. Clear the Send Message check box. Go to PolicySave to save the policy’s settings.
Policy EditorVulnerabilitiesE-mail	The SMTP exploits will attempt to send a VRFY command identifying the operative license number, using VRFY X@ISS, where X replaces the license number. You may be able to disable this footprint by disabling the SMTP exploits. Also, if the scanned host is not running an SMTP server, a connection to the port will not be established and the footprint will not be sent.
Policy EditorVulnerabilitiesWeb Scan	The Web Scan exploits will leave a characteristic footprint by asking for the file Internet_Security_Scanner-Scanned_from_key_X, where X is the license key number. This footprint occurs if you have enabled the Web Scan exploits and the remote host is running the Web server.