Nessus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Empty reports vary whether host is in same LAN than Nessus or not

from [Federico Petronio] [Permanent Link][Original]
To: Nessus List <nessus@list.nessus.org>
Subject: Re: Empty reports vary whether host is in same LAN than Nessus or not
From: Federico Petronio <petrus@activesec.biz>
Date: Thu, 18 Jan 2007 13:12:06 -0300
Delivered-to: sp-com-lists@consult.net
Delivered-to: nessus-list1@securepoint.com
Delivered-to: nessus@list.nessus.org
In-reply-to: <E55EED29-C47C-495D-91BA-4BDF19EC8A63@nessus.org>
List-archive: <http://mail.nessus.org/pipermail/nessus>
List-help: <mailto:nessus-request@list.nessus.org?subject=help>
List-id: Discussion of Nessus software <nessus.list.nessus.org>
List-post: <mailto:nessus@list.nessus.org>
List-subscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
Organization: Activesec
References: <45AE699E.7030802@activesec.biz> <E55EED29-C47C-495D-91BA-4BDF19EC8A63@nessus.org>
Sender: nessus-bounces@list.nessus.org
User-agent: Thunderbird 1.5.0.9 (Windows/20061207) 
These are the ping related lines in my conf. file:

 Ping the remote host[entry]:TCP ping destination port(s) : =
21;22;23;25;53;79;80;110;111;113;119;135;139;143;264;265;389;443;444;445;636;993;995;1433;1454;1494;1720;1723;3128;3306;3389;5001;7100;7200;7409;8080;8000;9080;10060;10080
 Ping the remote host[checkbox]:Log live hosts in the report = no
 Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = no
 Ping the remote host[entry]:Number of retries (ICMP) : = 6
 Ping the remote host[checkbox]:Do an ARP ping = yes
 Ping the remote host[checkbox]:Do a TCP ping = yes
 Ping the remote host[checkbox]:Do an ICMP ping = yes
 Ping the remote host[checkbox]:Make the dead hosts appear in the report
= yes


Renaud Deraison wrote:
> 
> On Jan 17, 2007, at 7:23 PM, Federico Petronio wrote:
> 
>> Hello list,
>>
>> I would like to ask about a behavior I found in Nessus and that I am not
>> sure if it is the expected.
>>
>> I am running Nessus 3.0.4 over Linux Debian 3.1 (Sarge) and setup two
>> different scans, (1) with a target in the same network that the Nessus
>> engine and the other (2) with the target in a different network. Both
>> target IPs are not in use, so Nessus will get no answer at all from any
>> of them.
>>
>> After running the scans and getting the results in XML format I found
>> that the <results></results> section is completely empty for scan (2)
>> but for the scan (1) I get:
>> [...]
>>
>> Do you know why the difference? I guess it has to be with the fact that
>> the result for pinging both host is not the same: not event the ARP
>> request is answered for the local host, but packets to remote host are
>> directly sent to the default gateway.
> 
> It sounds like that you configured ping_host.nasl to solely do an ARP
> ping, which is only tried when the remote target is on the local LAN.
> 
> Enable TCP/UDP/ICMP ping in ping host and try again.
> 
> 
> 
>                 -- Renaud
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
> 


-- 
                                        Federico Petronio
                                        petrus@activesec.biz
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Plugin ID : 19552 Question, jfvanmeter
Next by Date:  Re: Plugin ID : 19552 Question, George A. Theall
Previous by Thread:  Re: Empty reports vary whether host is in same LAN than Nessus or not, Renaud Deraison
Next by Thread:  Invalid response file, Frank OSborne
Indexes:  [Date] [Thread] [Top] [All Lists]