We have our network scanned twice a year from an external source. The
last
time around I corrected, or so I thought, the holes that were found in
our
BM3.6sp2 [NW5.1sp5] box. This time around a couple of the "corrected"
holes
were still being found along with a new one, rated high: "cross site
scripting" [nss-2001-0027], and a new one, rated low: "find services
running" [nss-1996-0008]. Scratching my head on both of these.

The server is running the httpstk.nlm, loading in autoexec with a
certificate reference, but I don't know why it is needed for operation
of
the server. I would be happy to toss it and lose Compaq/HP's
administration
and monitoring [the only CPQ module that loads is cpqhlth.nlm],
especially
if it'll keep my management out of the computer room. Any insight
[Compaq
pun intended] as to what it does?

Cross-site scripting is another head scratcher 'cause the box isn't
providing web services. No nsweb, no apache, just that httpstk.nlm
mentioned earlier.

The returning vulnerabilities are traceroute information
[nss-1996-0001] and
non-random IP IDs [nss-1996-0004]. I installed the latest tcpip
stacks last
time around specifically to take care of this, tcp and tcpip.nlms
5.91o, but
they still appeared in the penetration report.

<Hi Craig, Hi Cat - didn't do Brainshare this year [I attended one of
your
presentations last year] but I assume you were back. Hope you had a
good
show. I'm sorry I missed all those linux announcements! />

Any clues appreciated greatly.
Fred