I am having trouble tracking down the reason why I see this plugin fire
off on almost every scan. I'm not ruling out anything on my end (T1,
router, firewall...) but I have tried many different options and
scenarios, and still see this plugin, although the results are seemingly
fine otherwise.
I understand that the plugin gets a list of port from the KB, then
attempts a SYN to those ports, which is very basic. It is difficult to
verify the ports at the exact time the plugin is launched, but I have no
reason to believe the service is being crashed.
Is there a config issue I may be missing, or have others had this
problem as well?
[root@scanner ~]# uname -a
Linux scanner 2.6.18-1.2200.fc5smp #1 SMP Sat Oct 14 17:15:35 EDT 2006
i686 i686 i386 GNU/Linux
[root@scanner ~]# cat /etc/fedora-release
Fedora Core release 5 (Bordeaux)
[root@scanner ~]# NessusClient -h
NessusClient, version 1.0.2.
[root@scanner ~]# nessusd -h
nessusd, version 3.0.5.
thx
-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org]
Sent: Tuesday, February 20, 2007 12:12 PM
To: Scott Pate
Cc: Nessus@list.nessus.org
Subject: Re: plugin 10919
On Tue Feb 20 2007 at 18:53, Scott Pate wrote:
> check_ports.nasl determines a port to be closed, do other plugins
> launch against the port after that
Not relevant, as check_ports.nasl is an "ACT_END", i.e. it runs after
all other plugins.
> Does the plugin determine a port to be closed if it fails to open a
> tcp socket (in which case the port may not be closed), or if it
> receives a RST (in which case the port is most definitely closed)?
It tries to open a connection through the standard API. The port might
be filtered.
> What would be the implications of disabling this plugin?
None.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
|