Re: Port scan

[Michel Arboi <mikhail@nessus.org>]

On Tue, 23 Jan 2007 07:45:55 -0600
"Scott Pate" <spate@Spohncentral.com> wrote:

> I ran into this problem the other day running a port scan (1-65535)
> on a firewall (which dropped all packets - no open or closed ports)

Considering what happened, I suspect that your firewall does not "drop"
packets but rather "rejects" them with ICMP messages.

> When using nessus_tcp_scan, the 'portscan' status bar for the host
> would get all the way to the end, and then start over from the
> beginning.

Yes, that's normal. In some cases, nessus_tcp_scanner runs additionnal
passes.

> It did this for about 4 hours until I stopped it.

Mmmhhhh... Disappointing :(

> Is this expected behavior from these scanners? 

If this target IP really _drops_ all packets, definitely not. I'll
double check and keep you in touch anyway.
If it answers with ICMP messages which are often limited (8 / s on
Linux), the scanners can be awfully slow.
 
Any idea on the remote host OS and packet filter?
Which was the value of max_check?
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus