
Is this expected output or a bug?

Subject: Is this expected output or a bug?
Date: Mon, 15 Nov 2004 12:21:57 +1100
I have been looking at some of the output from Nessus, and I am trying to understand if the results I am seeing are expected, or the result of an "undocumented feature".

To help understand the problem, I have sample nessus config files and output available for anyone who has some time to look at the problem... but before getting to the data, here are the symptoms:

1. I get duplicate (2) "host_start" timestamp messages in the output
2. I get duplicate (2) "host_stop" timestamp messages in the output
3. There are duplicate "open port" messages. The number of duplicates is not fixed. I cannot see an obvious reason for the variable number of duplicate entries. Possibly duplicated due to the number of different port scanners that try and hit the same port. Possibly a duplicate per different scanner.
4. There are duplicate plugin "hits". I.e.: The same plugin appears multiple times in the report. Possibly duplicated the same number of times that the port required was detected. I have not checked in detail.
5. Having checked the nessusd.messages log file, the same scan options are executed twice. The number of times a plugin is executed appears to match the number of duplicate entries in the output when a vulnerability is detected.


nessusd.messages:[Mon Nov 15 01:04:44 2004][485] user inprotect : launching proftpd_user_enum.nasl against 1.1.1.1 [897]
nessusd.messages:[Mon Nov 15 01:04:44 2004][485] proftpd_user_enum.nasl (process 897) finished its job in 0.171 seconds
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] user inprotect : launching proftpd_user_enum.nasl against 1.1.1.1 [945]
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] proftpd_user_enum.nasl (process 945) finished its job in 0.079 seconds


The command that was executed is listed below:
nessus -qx 127.0.0.1 1241 user pass target_s459 nessus_s459.out -V -T nbe -c nessus_s459.cfg


All data including log information, nessusrc file, and output data is available for analysis at

http://inprotect-devel.ana.no1.com.au/nessusdata/
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
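
Added example, not part of the original post and not Nessus code: a small Python parser for the nessusd.messages "launching" lines quoted above that reports every plugin launched more than once against the same target and whether the repeats came from one logging process or several. It assumes the second bracketed number is the id of the nessusd process that wrote the line; the names `find_duplicate_launches` and `classify` are hypothetical.

```python
import re
from collections import defaultdict

# Line format taken from the nessusd.messages excerpt in the post. The optional
# "nessusd.messages:" prefix is what grep adds when it is given a file name.
LAUNCH = re.compile(
    r"^(?:[^\[\]]*:)?\[(?P<ts>[^\]]+)\]\[(?P<logger>\d+)\] "
    r"user (?P<user>\S+) : launching (?P<plugin>\S+) "
    r"against (?P<target>\S+) \[(?P<child>\d+)\]\s*$"
)

def find_duplicate_launches(lines):
    """Return {(user, plugin, target): [(logger_id, plugin_pid), ...]} for
    every plugin launched more than once against the same target."""
    launches = defaultdict(list)
    for line in lines:
        m = LAUNCH.match(line)
        if m:  # "finished its job" and other lines are skipped
            key = (m["user"], m["plugin"], m["target"])
            launches[key].append((int(m["logger"]), int(m["child"])))
    return {k: runs for k, runs in launches.items() if len(runs) > 1}

def classify(runs):
    """Separate two cases: one logging process repeating a plugin, or several
    logging processes each running it (assumption: the second bracketed
    number identifies the nessusd process handling the host)."""
    loggers = {logger for logger, _ in runs}
    return "same-process" if len(loggers) == 1 else "multiple-processes"

# The four log lines from the post, plus one constructed line (ssh_detect.nasl)
# for a plugin that was launched only once.
SAMPLE = """\
nessusd.messages:[Mon Nov 15 01:04:44 2004][485] user inprotect : launching proftpd_user_enum.nasl against 1.1.1.1 [897]
nessusd.messages:[Mon Nov 15 01:04:44 2004][485] proftpd_user_enum.nasl (process 897) finished its job in 0.171 seconds
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] user inprotect : launching proftpd_user_enum.nasl against 1.1.1.1 [945]
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] proftpd_user_enum.nasl (process 945) finished its job in 0.079 seconds
nessusd.messages:[Mon Nov 15 01:04:45 2004][485] user inprotect : launching ssh_detect.nasl against 1.1.1.1 [950]
"""

if __name__ == "__main__":
    for key, runs in find_duplicate_launches(SAMPLE.splitlines()).items():
        print(key, runs, classify(runs))
```

On the lines from the post, the two launches of proftpd_user_enum.nasl carry different logging process ids (485 and 484).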