Empty reports vary whether host is in same LAN than Nessus or not

To:	Nessus List <nessus@list.nessus.org>
Subject:	Empty reports vary whether host is in same LAN than Nessus or not
From:	Federico Petronio <petrus@activesec.biz>
Date:	Wed, 17 Jan 2007 15:23:26 -0300
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	nessus-list1@securepoint.com
Delivered-to:	nessus@list.nessus.org
List-archive:	<http://mail.nessus.org/pipermail/nessus>
List-help:	<mailto:nessus-request@list.nessus.org?subject=help>
List-id:	Discussion of Nessus software <nessus.list.nessus.org>
List-post:	<mailto:nessus@list.nessus.org>
List-subscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
Organization:	Activesec
Sender:	nessus-bounces@list.nessus.org
User-agent:	Thunderbird 1.5.0.9 (Windows/20061207)

Hello list,

I would like to ask about a behavior I found in Nessus and that I am not
sure if it is the expected.

I am running Nessus 3.0.4 over Linux Debian 3.1 (Sarge) and setup two
different scans, (1) with a target in the same network that the Nessus
engine and the other (2) with the target in a different network. Both
target IPs are not in use, so Nessus will get no answer at all from any
of them.

After running the scans and getting the results in XML format I found
that the <results></results> section is completely empty for scan (2)
but for the scan (1) I get:

        <results>
        <result>
        <host name="10.1.0.201" ip="10.1.0.201"/>
                <date>
                        <start>Wed Jan 17 09:56:04 2007</start>
                        <end>Wed Jan 17 09:56:11 2007</end>
                </date>
        <ports>
                <port protocol="tcp">
                        <service name="general/tcp" method="nessus"
conf="3" />
                        <information>
                                <severity>Security Note</severity>
                                <id>10180</id>
                                <data>The remote host is considered as
dead - not scanning</data>
                        </information>
                </port>
        </ports>
        </result>
        </results>


Do you know why the difference? I guess it has to be with the fact that
the result for pinging both host is not the same: not event the ARP
request is answered for the local host, but packets to remote host are
directly sent to the default gateway.

I would like to get the same results for both cases, is that possible
with some configuration change?

Thank you!
-- 
                                        Federico Petronio
                                        petrus@activesec.biz
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

<Prev in Thread]	Current Thread	[Next in Thread>
Empty reports vary whether host is in same LAN than Nessus or not, Federico Petronio <= Re: Empty reports vary whether host is in same LAN than Nessus or not, Renaud Deraison Re: Empty reports vary whether host is in same LAN than Nessus or not, Federico Petronio

Previous by Date:	Re: Scanning Win2k with Nessus, Beau Nuanes
Next by Date:	Re: Empty reports vary whether host is in same LAN than Nessus or not, Renaud Deraison
Previous by Thread:	Nessus 3.0.5 released, Renaud Deraison
Next by Thread:	Re: Empty reports vary whether host is in same LAN than Nessus or not, Renaud Deraison
Indexes:	[Date] [Thread] [Top] [All Lists]