Nessus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Portscan issue on 2.2.9

from [Pete Duffin] [Permanent Link][Original]
To: "George A. Theall" <theall@tenablesecurity.com>, <nessus@list.nessus.org>
Subject: Portscan issue on 2.2.9
From: "Pete Duffin" <pduffin@nortel.com>
Date: Tue, 5 Jun 2007 11:25:22 -0400
Cc:
Delivered-to: sp-com-lists@consult.net
Delivered-to: nessus-list1@securepoint.com
Delivered-to: nessus@list.nessus.org
In-reply-to: <46657E2F.4060705@tenablesecurity.com>
List-archive: <http://mail.nessus.org/pipermail/nessus>
List-help: <mailto:nessus-request@list.nessus.org?subject=help>
List-id: Discussion of Nessus software <nessus.list.nessus.org>
List-post: <mailto:nessus@list.nessus.org>
List-subscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
Sender: nessus-bounces@list.nessus.org
Thread-index: AcenhJ7jGZsY80CVTe66dNM8tpySqwAAKVzQ
Thread-topic: Portscan issue on 2.2.9 
Hi,

I am having a problem specifying which type of ports scan is being run.

In my config file, I have:

Nmap (NASL wrapper)[radio]:TCP scanning technique : = SYN scan

And do not have another line like this, it's the only one.

When I run my scan, I do ps -ef to see what command nessus is passing to
nmap, and I see:

nmap -n -P0 -oG /usr/local/var/nessus/tmp/nmap-10.10.10.10-83168732 -sT
-p 1-65535  

To me, this is nmap doing a connect scan, which is causing an
applicationt o crash.  If I nmap on it manually and do a SYN scan, the
application does not crash, which is the reason I'd like nessus to use
NMAP doing a SYN scan.

Anybody know why Nessus isn't passing nmap the -sS option instead of the
-sT option?

Thanks,


Pete Duffin

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of George A. Theall
Sent: Tuesday, June 05, 2007 11:16 AM
To: nessus@list.nessus.org
Subject: Re: Nessus 2.2.6 does no portscan with all plugins

On 06/05/07 02:43, Frank Meier wrote:

> I installed nessus 2.2.6 on a Gentoo system.

You may want to upgrade now as Nessus 2.x versions < 2.2.9 may have
problems with plugins in a few weeks; ie, see:

 
<http://mail.nessus.org/pipermail/nessus-announce/2007-May/msg00000.html
>.

> When I scan with only the "build-in" Plugins, nessus do an portscan 
> bevor all other checks and scan only found hosts. If I use the plugins

> of the registered Feed, nessus do no (visible) portscan and checks the

> whole network, also non existend hosts.

The lines from nessusd.messages that you included in your message aren't
helpful in diagnosing your problem. They just show Nessus starting one
scan and launching plugins in the Settings family (eg,
ssh_settings.nasl, .. dont_scan_settings.nasl). These plugins are always
launched and just update settings in each target host's KB but don't
actually send any packets.

Are you able to show the log lines from scans before and after updating
plugins? And perhaps with lines relating to the scanning plugins that
you've configured?

George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: FALSE POSITIVE, John Scherff
Next by Date:  FALSE POSITIVE, John Scherff
Previous by Thread:  Re: Nessus 2.2.6 does no portscan with all plugins, George A. Theall
Next by Thread:  RE: Portscan issue on 2.2.9, Pete Duffin
Indexes:  [Date] [Thread] [Top] [All Lists]