Re: Empty reports vary whether host is in same LAN than Nessus or not

[Renaud Deraison <deraison@nessus.org>]

On Jan 17, 2007, at 7:23 PM, Federico Petronio wrote:

> Hello list,
>
> I would like to ask about a behavior I found in Nessus and that I  
> am not
> sure if it is the expected.
>
> I am running Nessus 3.0.4 over Linux Debian 3.1 (Sarge) and setup two
> different scans, (1) with a target in the same network that the Nessus
> engine and the other (2) with the target in a different network. Both
> target IPs are not in use, so Nessus will get no answer at all from  
> any
> of them.
>
> After running the scans and getting the results in XML format I found
> that the <results></results> section is completely empty for scan (2)
> but for the scan (1) I get:
> [...]
>
> Do you know why the difference? I guess it has to be with the fact  
> that
> the result for pinging both host is not the same: not event the ARP
> request is answered for the local host, but packets to remote host are
> directly sent to the default gateway.
It sounds like that you configured ping_host.nasl to solely do an ARP  
ping, which is only tried when the remote target is on the local LAN.
Enable TCP/UDP/ICMP ping in ping host and try again.



                                -- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus