RE: Nessus 2.1.3 NMAP Port Range Problem

Subject: RE: Nessus 2.1.3 NMAP Port Range Problem
Date: Thu, 14 Oct 2004 13:56:38 -0700
The same issues occur with NMAP version 3.5. I also ran the identical
command line version for NMAP 3.7 as suggested, and it works fine:
nmap -n -oG temp.out -sS -O --osscan_guess -I -p 1-65535 <IP address of UUT>
nmap -n -oG temp.out -sS -O --osscan_guess -I -F <IP address of UUT>

I don't think NMAP itself is the problem.

Peter Heard

-----Original Message-----
From: Flickema, Drew W. [mailto:drew.flickema@hp.com]
Sent: October 14, 2004 12:01 PM
To: Peter Heard; nessus@list.nessus.org
Subject: RE: Nessus 2.1.3 NMAP Port Range Problem



I believe there are a few bugs introduced in the updated nmap V3.7. If
you could run nmap via the command line with the options described to
duplicate the issue, then mail your findings off to the nmap dev list,
nmap-dev@insecure.org, a patch could be issued.



-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Peter Heard
Sent: Thursday, October 14, 2004 11:51 AM
To: nessus@list.nessus.org
Subject: Nessus 2.1.3 NMAP Port Range Problem


Hi,

I am running:
Nessus: 2.1.3 with latest plugins (as of 10:30 PST today)
OS    : Suse 9.1 With latest patches
NMAP  : 3.70

When I run a SYN scan using NMAP with the port range set to "default",
the scan immediately terminates and no nmap results are written to the
report.

If I run a similar scan with the port range set to "1-1024" the scan
runs OK and the results are correctly written to the report.

Finally, if I run a similar scan with the port range "1-65535" the scan
runs but no results are written to the report. I see the following
process running during the nmap scan:

nmap -n -oG /usr/local/var/nessus/tmp/nmap.22775114 -sS -O --osscan_guess -I -p 1-65535 <ip address of uut>

Is there a problem with the nmap plugin, or do I have a configuration
problem?

See below for nessus configuration, and log dumps etc.

Many Thanks

Peter Heard


begin(SERVER_PREFS)
 max_hosts = 20
 max_checks = 4
 log_whole_attack = yes
 cgi_path = /cgi-bin:/scripts
 port_range = default
..
..
 Nmap (NASL wrapper)[radio]:TCP scanning technique : = SYN scan
 Nmap (NASL wrapper)[checkbox]:UDP port scan = no
 Nmap (NASL wrapper)[checkbox]:Service scan = no
 Nmap (NASL wrapper)[checkbox]:RPC port scan = no
 Nmap (NASL wrapper)[checkbox]:Ping the remote host = yes
 Nmap (NASL wrapper)[checkbox]:Identify the remote OS = yes
 Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS = yes
 Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) = no
 Nmap (NASL wrapper)[checkbox]:Get Identd info = yes
 Nmap (NASL wrapper)[checkbox]:Do not randomize the order in which ports are scanned = no
 Nmap (NASL wrapper)[radio]:Timing policy : = Auto (nessus specific!)
..
 Nmap (NASL wrapper)[entry]:Source port : =
 Nmap (NASL wrapper)[entry]:Host Timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) =
 Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) =
 Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) =
 Nmap (NASL wrapper)[file]:File containing grepable results : =
 Nmap (NASL wrapper)[entry]:Data length : =


Output of nessusd.messages:
[Thu Oct 14 09:49:55 2004][8789] connection from 127.0.0.1
[Thu Oct 14 09:49:55 2004][9989] Client requested protocol version 12.
[Thu Oct 14 09:49:55 2004][9989] successful login of nxscanner from 127.0.0.1
[Thu Oct 14 09:50:10 2004][9989] Redirecting debugging output to /usr/local/var/nessus/logs/nessusd.dump
[Thu Oct 14 09:50:59 2004][9989] user nxscanner starts a new attack. Target(s) : UUT, with max_hosts = 20 and max_checks = 4
[Thu Oct 14 09:50:59 2004][9989] user nxscanner : testing UUT (142.73.131.198) [9990]
[Thu Oct 14 09:50:59 2004][9990] user nxscanner : launching ping_host.nasl against UUT [9991]
[Thu Oct 14 09:50:59 2004][9990] ping_host.nasl (process 9991) finished its job in 0.025 seconds
[Thu Oct 14 09:50:59 2004][9990] user nxscanner : launching nmap.nasl against UUT [9992]
[Thu Oct 14 09:50:59 2004][9990] nmap.nasl (process 9992) finished its job in 0.018 seconds
[Thu Oct 14 09:50:59 2004][9990] Finished testing UUT. Time : 0.10 secs
[Thu Oct 14 09:50:59 2004][9989] user nxscanner : test complete
[Thu Oct 14 09:50:59 2004][9989] user nxscanner : Kept alive connection
[Thu Oct 14 09:51:15 2004][9989] Communication closed by client


Output of nessusd.dump:
[9992](/usr/local/lib/nessus/plugins/nmap.nasl) fread: stat(/usr/local/var/nessus/tmp/nmap.836920804): No such file or directory
[9992](/usr/local/lib/nessus/plugins/nmap.nasl) unlink(/usr/local/var/nessus/tmp/nmap.836920804): No such file or directory


nmap.nasl Version:
systen_name:/usr/local/var/nessus/logs # more
/usr/local/lib/nessus/plugins/nmap.nasl
#TRUSTED
#
# This script was written by Michel Arboi <arboi@alussinan.org>
#
# GPL
#
if ( ! defined_func("pread") || ! defined_func("get_preference") ) exit(0);
if ( ! find_in_path("nmap") ) exit(0);


if(description)
{
 script_id(14259);
 script_version ("1.9");
 name["english"] = "Nmap (NASL wrapper)";
script_name(english:name["english"]);

 desc["english"] = "
This plugin runs nmap(1) to find open ports.
See the section 'plugins options' to configure it

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus
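The nessusd.dump above shows the wrapper's fread failing because nmap exited in 0.018 seconds without ever writing its -oG temp file. As an added illustration (not nmap.nasl's own code), here is a Python reader for nmap's grepable output that reports a missing or empty result file explicitly instead of silently producing an empty report; the sample output and the 192.0.2.10 address are constructed, not taken from the thread.

```python
from pathlib import Path

# Constructed sample of nmap grepable (-oG) output in the shape nmap 3.x writes.
# The host is a TEST-NET address, not the UUT from the thread.
SAMPLE_GREPABLE = """\
# Nmap 3.70 scan initiated Thu Oct 14 09:50:59 2004 as: nmap -n -oG /tmp/nmap.example -sS -p 1-1024 192.0.2.10
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (1021)
# Nmap done at Thu Oct 14 09:51:05 2004 -- 1 IP address (1 host up) scanned in 6.0 seconds
"""

# Each -oG port entry is seven slash-separated fields followed by a trailing slash.
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc_info", "version")


def parse_grepable(text):
    """Return {host: [port dicts]} for every 'Host:' line that carries a Ports field."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '#' comment lines and bare 'Status:' lines carry no port data
        # Fields are tab-separated "Key: value" pairs.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split(" ", 1)[0]  # drop the "(hostname)" part
        ports = []
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            # zip() truncates the empty element left by the trailing slash.
            ports.append(dict(zip(PORT_FIELDS, entry.strip().split("/"))))
        results[host] = ports
    return results


def load_scan_results(out_file):
    """Return (results, None) or (None, diagnostic) when nmap left no usable report.

    A missing or Host-less file means nmap exited before writing its report, so
    the caller can surface that instead of recording an empty scan as a success.
    """
    path = Path(out_file)
    if not path.is_file():
        return None, f"nmap wrote no output file at {path}; check its exit status and stderr"
    text = path.read_text()
    if "Host:" not in text:
        return None, f"{path} exists but contains no Host: lines (scan aborted?)"
    return parse_grepable(text), None
```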
