RE: XP SP2

Subject: RE: XP SP2
Date: Tue, 26 Apr 2005 16:14:12 +0100
Well if it's blocking icmp do a:

nmap -sS -P0 [ip of target] -p 1-65535 -vv

It should come back saying something like all 65535 ports are filtered.

Kind Regards,
Paul Rochford 

-----Original Message-----
From: Jonathan Clark [mailto:jclark@networkalliance.net] 
Sent: Tuesday, April 26, 2005 4:04 PM
To: Martin; Rochford, Paul
Cc: nessus@list.nessus.org
Subject: RE: XP SP2

What do your nessus logs say?
When I say enable ICMP ping, what I mean is enable it on the scanner and
see how many more you can hit?  Do you have nmap installed?  If so
normally with that I can manage to find some sort of info on the host.

"nessusd -s  | grep logfile"
Will tell you where the log file is stored.  Then you can open it with
any type of text editor.  That should shed some light on why the
scanning turns nothing back.

~Jonathan

-----Original Message-----
From: Martin [mailto:mmacleod@london.edu]
Sent: Tuesday, April 26, 2005 10:50 AM
To: Rochford, Paul
Cc: Jonathan Clark; nessus@list.nessus.org
Subject: Re: XP SP2

Ooops - that could well be it, I presumed that I would get some sort of
information back, I just was not expecting to get no information at all.
I feel a bit of a muppet now ;(
Bear with me, I drew the short straw, and got 'internal LAN security' as
my project - having never touched Linux before, and knowing very little
about security (other than pointing people to Windows Update!!!), I
will be the first to admit I'm struggling....
So saying, on the reading I have done, it's important, and yes I would
like to strangle someone over Linux, it's a bit confusing after Windows,
but I will get there....
Wish I was back with my routers.

Many thanks

Martin

Rochford, Paul wrote:
 
It could simply be the fact that there are no ports open on this machine
because they are all filtered by the firewall. Have you tried telnetting
to the basic Windows ports? Outgoing connections from the machine are
probably not filtered but un-established incoming requests most likely
are.

telnet [host-ip] 139
telnet [host-ip] 445

Or just do a simple nmap port check on the above:

nmap -sS [ip] -p 139,445 -vv

Kind Regards,
Paul Rochford

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Jonathan Clark
Sent: Tuesday, April 26, 2005 2:47 PM
To: Martin; nessus@list.nessus.org
Subject: RE: XP SP2

I had a similar issue some time back.

Enable ICMP ping.  Check your nessus logs because it might be the nessus
scanner is reporting these hosts as dead which means it doesn't even see
them on the network.

Enable ICMP ping.  If it fails then...  I don't know and I'll let the
more advanced guys tell ya lol..

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Martin
Sent: Tuesday, April 26, 2005 9:24 AM
To: nessus@list.nessus.org
Subject: XP SP2

Hi Guys,
Is there an FAQ for how to deal with firewalls? It seems to me that
a lot of people have trouble with this issue.

I am getting back no test results for scanning XP machines with the SP2
service pack firewall enabled. The scan completes in seconds but comes
back with a 'there are no results to view for this' message.

Scanning the mailing list I can confirm that I have disabled pinging the
remote host, the SMB credentials are correct. I am using the Nessus TCP
scanner.
I tried to use Nmap scanner with the option for fragment IP packets but
this made no difference.
I understand that firewalls make things very difficult, but thought I'd
post before banging my head against the wall and giving up on firewalled
machines.

Also regarding best practice for XP, on a Windows 2000 box, a complete
(1-65535) port scan using TCP scanner and all the Windows family plugins
enabled takes about 7-10 mins depending on time of day.
In XP, with the same settings, I am averaging two hours or more per
host, is this normal? Searching for slow XP scans hasn't brought up
anything that I can see to help...
I'm happy to upload a report with the config options if that would help
with the diagnosis...

Many thanks
Martin

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
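
The manual telnet check of ports 139 and 445 suggested in the thread, written as a small script that separates "filtered" (no answer) from "closed" (connection refused). This is an added example, not code from any poster; the function names and the verdict labels are assumptions made for illustration.

```python
import socket
import sys

# Ports Paul suggests checking by hand: NetBIOS session (139) and SMB (445).
WINDOWS_PORTS = (139, 445)


def probe(host, port, timeout=3.0):
    """Classify one TCP port the way `telnet host port` would reveal it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed
    except ConnectionRefusedError:
        return "closed"        # host answered with RST: up, nothing listening
    except OSError:
        return "filtered"      # timeout or ICMP unreachable: packet was dropped
    finally:
        s.close()


def diagnose(states):
    """Map per-port states to the conclusion drawn in the thread."""
    seen = set(states.values())
    if "open" in seen:
        return "reachable"       # the scanner has something to test
    if seen == {"filtered"}:
        return "firewalled"      # host firewall drops unsolicited inbound SYNs
    return "up-no-service"       # RSTs came back, so the host is alive


def check_host(host, ports=WINDOWS_PORTS, timeout=3.0):
    states = {p: probe(host, p, timeout) for p in ports}
    return states, diagnose(states)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <host-ip>")
    states, verdict = check_host(sys.argv[1])
    for port, state in states.items():
        print(f"{port}/tcp {state}")
    print("verdict:", verdict)
```

A "firewalled" verdict on a host known to be powered on matches the empty Nessus report described in the first message: the scanner has no reachable service to test.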

