Nessus

Re: Port range for targets

To: "nessus@list.nessus.org List" <nessus@list.nessus.org>
Subject: Re: Port range for targets
From: Renaud Deraison <deraison@nessus.org>
Date: Thu, 7 Jun 2007 10:02:01 +0200

On Jun 7, 2007, at 2:50 AM, jason stallings wrote:

> Is there a way to give a port range for each target in the external targets file...
> is there a way at all?

No, you'd need to do a different scan for each target.

However, with the Nessus 3.1.x beta, what you can do is to define rules to forbid some ports for some targets -- that is, you end up sharing the same global port range but deny some ports to some hosts.

For instance, you could set the port range to 1-65535 and then poke some holes in that for every host in nessusd.rules:


# Forbid connecting on ports > 1024 for the 192.168.2.0/24 subnet
reject 192.168.2.0/24:1024-65535

# Forbid connecting on port 80 on your router
reject 192.168.2.1:80

# Always reject connecting on port 9100
reject 0.0.0.0/0:9100


etc...

Note that if you modify nessusd.rules, you'll need to restart nessusd for the changes to take effect.



                                -- Renaud
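
The following is an added example, not part of the original message and not Nessus code: a small Python model of the approach described above, which takes one shared port range and subtracts the matching reject rules to show which ports stay in scope for a given host. It handles only the `reject target:ports` form shown in the message; the function names and the three sample hosts are assumptions made for illustration.

```python
import ipaddress

# Rule lines from the message above; the evaluator is illustrative, not Nessus code.
RULES_TEXT = """\
# Forbid connecting on ports > 1024 for the 192.168.2.0/24 subnet
reject 192.168.2.0/24:1024-65535
reject 192.168.2.1:80
reject 0.0.0.0/0:9100
"""

def parse_rules(text):
    """Return [(network, first_port, last_port)] for 'reject target:ports' lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            action, spec = line.split()
            target, ports = spec.rsplit(":", 1)
            first, _, last = ports.partition("-")
            lo, hi = int(first), int(last or first)
            net = ipaddress.ip_network(target, strict=False)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}") from exc
        if action != "reject" or not 1 <= lo <= hi <= 65535:
            raise ValueError(f"line {lineno}: unsupported rule {raw!r}")
        rules.append((net, lo, hi))
    return rules

def allowed_ranges(host, rules, global_range=(1, 65535)):
    """Subtract every reject rule that matches host from the shared port range."""
    addr = ipaddress.ip_address(host)
    ranges = [global_range]
    for net, lo, hi in rules:
        if addr not in net:
            continue
        remaining = []
        for a, b in ranges:
            if a < lo:   # part of the range below the rejected block
                remaining.append((a, min(b, lo - 1)))
            if b > hi:   # part of the range above the rejected block
                remaining.append((max(a, hi + 1), b))
        ranges = remaining
    return ranges

if __name__ == "__main__":
    for host in ("192.168.2.1", "192.168.2.50", "10.0.0.5"):
        print(host, allowed_ranges(host, parse_rules(RULES_TEXT)))
```

For 192.168.2.50 the result ends at port 1023, because the first rule as written starts its rejected block at 1024. Running a check like this before a scan is a quick way to confirm that fragile hosts and ports are excluded as intended.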