windows-based nessus ignores host exclusion rules

To:	Nessus@list.nessus.org
Subject:	windows-based nessus ignores host exclusion rules
From:	"test test" <partcrash@gmail.com>
Date:	Thu, 5 Apr 2007 14:28:54 -0400
Cc:
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	nessus-list1@securepoint.com
Delivered-to:	Nessus@list.nessus.org
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=Rt04aklwJppUdWsKeSXDruHpQH0w/LZFqrSuiJ3IONISb7R3L6wRRbXBmuiEangn+lb3P1k+Zbuup2Az7g5SzBxnMEkzRgntU1lPqao6TZ/ogpyfBFYd6CKaqnTlLWuLbBA8wBMpkMcEwR/fdrD1hl4E4lBIB9uU7p67QqKOlHo=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=gxG2SWiaBNUA8a28MindOvS/b5e+3SEPcIJwjXkNiFJynqaieX2oxXifhnoXPvgPjP60KcohesPT5pe7iWHo7W0qA55zxh/hsQ3vqJQbptzjW18/52YQ67hKdEBPDWfSUMk2Ki6YftIir/naGVuALtrHNZIPGrChqaDpJX0dAs4=
List-archive:	<http://mail.nessus.org/pipermail/nessus>
List-help:	<mailto:nessus-request@list.nessus.org?subject=help>
List-id:	Discussion of Nessus software <nessus.list.nessus.org>
List-post:	<mailto:nessus@list.nessus.org>
List-subscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
Sender:	nessus-bounces@list.nessus.org

Hello everybody,

So I do have the latest and greatest nessus scanner for Windows (3.0.5) and I am using it with nessj front end.

However, I have noticed that when I apply a "reject xx.xx.xx.xx" rule, the xx.xx.xx.xx host still gets scanned. In other words- the scanner ignores the rules.

Looking in the Nessus log I see this:

2007-04-05 14:02:48 -0400, Client, <|> CLIENT
2007-04-05 14:02:48 -0400, Client, CLIENT <|> RULES <|>
2007-04-05 14:02:48 -0400, Client, reject 10.1.1.10
2007-04-05 14:02:48 -0400, Client, <|> CLIENT
2007-04-05 14:02:48 -0400, Client, CLIENT <|> LONG_ATTACK <|>
2007-04-05 14:02:48 -0400, Client, 14
2007-04-05 14:02:48 -0400, Client, 10.1.1.10,
2007-04-05 14:02:48 -0400, Server, SERVER <|> PREFERENCES_ERRORS <|>
2007-04-05 14:02:48 -0400, Server, <|> SERVER
2007-04-05 14:02:48 -0400, Server, SERVER <|> TIME <|> SCAN_START <|> Thu Apr 05 14:02:48 2007 <|> SERVER
2007-04-05 14:02:53 -0400, Server, SERVER <|> TIME <|> HOST_START <|> 10.1.1.10 <|> Thu Apr 05 14:02:53 2007 <|> SERVER
2007-04-05 14:02:53 -0400, Server, SERVER <|> TIME <|> HOST_START <|> 10.1.1.10 <|> Thu Apr 05 14:02:53 2007 <|> SERVER
2007-04-05 14:02:54 -0400, Server, s:a:10.1.1.10:1:3149
2007-04-05 14:02:57 -0400, Server, s:a:10.1.1.10:32 :3149
2007-04-05 14:03:00 -0400, Server, s:a:10.1.1.10:65:3149
2007-04-05 14:03:03 -0400, Client, CLIENT <|> STOP_WHOLE_TEST <|> CLIENT
2007-04-05 14:03:04 -0400, Server, SERVER <|> TIME <|> SCAN_END <|> Thu Apr 05 14:03:04 2007 <|> SERVER
2007-04-05 14:03:04 -0400, Server, SERVER <|> BYE <|> BYE <|> SERVER

I can see that the rule "reject 10.1.1.10 is passed to the server, but the scan still occurs. Any ideas?

Thank you
AJ

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

<Prev in Thread]	Current Thread	[Next in Thread>
windows-based nessus ignores host exclusion rules, test test <= Re: windows-based nessus ignores host exclusion rules, Renaud Deraison

Previous by Date:	kerberos telnet check, Tim Rupp
Next by Date:	Re: kerberos telnet check, Renaud Deraison
Previous by Thread:	kerberos telnet check, Tim Rupp
Next by Thread:	Re: windows-based nessus ignores host exclusion rules, Renaud Deraison
Indexes:	[Date] [Thread] [Top] [All Lists]