Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Scanning 65K ports on 45 subnets

from [Jon Passki] Network Security [Permanent Link]
Subject: Re: Scanning 65K ports on 45 subnets
Date: Tue, 24 May 2005 05:29:42 -0700 (PDT) 

--- Jason Haar <Jason.Haar@trimble.co.nz> wrote:

George A. Theall wrote:


Which scanner(s) are you using and how are they configured?
Understand that UDP port scans are *slow* -- scanning all
possible UDP ports can take a day or more for a single
target! Also, this is just a drawback of UDP scanning, not
Nessus per se. Avoid it if at all possible.


How can you disable UDP scans altogether? I don't see a switch
for 
that...? I've spent a lot of time optimizing our *tcp* port
ranges and 
scan options, but still find Nessus runs off trying to do whole
suites 
of UDP tests - like the snmp ones (this is for DMZ scans, so I'd
rather 
enable all tests, but limit the ports). I know I can - by hand -
turn 
such tests off, but I'd rather leave all tests enabled, specify
port 
range, and configure Nessus not to runs tests if they don't
involve one 
of the "live" ports. (I'm not scanning Class B's BTW ;-)


Check the box 'Consider unscanned ports as closed' under Scan
Options (thanks Edgeos!); in the template, it's called
'unscanned_closed'.


It takes me days too. This isn't Nessus's fault, but when your
Network 
Group decide to enable a /22 on the Internet and then only
"officially" 
have two hosts on it, you still have to scan the entire /22 "just
in 
case" someone has shoved another host on without reporting it.
:-(


Or the client that says they only have 100 hosts in a /16 (^_^)



Jon


PGP Fingerprint: 1BB0 A946 927B 93C3 ED6A  0466 6692 6C2C 84BE 4122

"Should any political party attempt to abolish social security, unemployment 
insurance, and eliminate labor laws and farm programs, you would not hear of 
that party again in our political history. There is a tiny splinter group, of 
course, that believes you can do these things. Among them are [...] a few other 
Texas oil millionaires, and an occasional politician or business man from other 
areas. Their number is negligible and they are stupid." [1]

-- Dwight D. Eisenhower, Former President of the USA (Republican), Nov. 8, 1954

[1] 
http://www.eisenhowermemorial.org/presidential-papers/first-term/documents/1147.cfm

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Problems with registration feed plugins, George A. Theall
Next by Date:  Re: client server technology, George A. Theall
Previous by Thread:  RE: Scanning 65K ports on 45 subnets, Fender, Brian
Next by Thread:  Architecture of NESSUS, Rajiv Ranjan
Indexes:  [Date] [Thread] [Top] [All Lists]