thorben schroeder wrote: > the cisco network admission control system gives an adminitrator the > chance to check the clients, whether they have installed certain > patches / hotfixes. this check is not reliable. This is a known vulnerability of any system of NAC which trusts a client based agent. Since you cannot determine what program is running on the remote system, you cannot really trust what it is declaring. So, nothing really new in what you reported (you could also reverse engineer and write a client which answers the server exactly what it wants to hear). The point is knowing and accepting the unavoidable limits of such technologies. Stefano
