Network Security: Detailed info on Re: Nessus taking a long time to scan

Subject:	Re: Nessus taking a long time to scan
Date:	Sat, 24 Sep 2005 17:55:14 -0500

So if you pick one of the boxes to scan, and say ... Try to push a file to
it, you get really good throughput ? 

Also .. Tail the nessusd.messages file during an attack for a box .. See how
long between attacks .. It should log the firing off of each attack to that
file, so you'll be able to see if just some of the attacks are slow or if
it's all of them .. 

Also .. You can run specific attacks from the command line using the nasl
binary .. 

 man nasl for details ..


Dan Muldoon
Security Consultant
Spohn Consulting


On 9/24/05 9:58 AM, "Kelly, Jim" <Jim_Kelly@sra.com> wrote:



-----Original Message----- 
From: Dan Muldoon [mailto:dmuldoon@Spohncentral.com]
<mailto:dmuldoon@Spohncentral.com]>  
Sent: Friday, September 23, 2005 11:02 PM 
To: cykyc@yahoo.com; Kelly, Jim; nessus@list.nessus.org 
Subject: Re: Nessus taking a long time to scan 

What devices (IPS,Routers,Firewalls, etc) are between you and the target 
hosts?

none

How much bandwidth do you have to them?  What is normal thorughput?

100 mps

Are there any tarpits on the target network?

no I'm hooked right into the switch

How long between portscan and the attack phase?

Portscan completes quickly. Checks take a looooong time


Answer that and give us a pcap sniffer trace of the attempt ..

wasn't able to grab this but a casual tcpdump revealed limited traffic

coming out of my eth0 interface. Aother laptop plugged into a different 
port on same switch showed much more traffic flowing via tcpdump. 

Jim Kelly 





--- "Kelly, Jim" <Jim_Kelly@sra.com> wrote:

I just want to get everyone's feedback: 
Nessus is currently up to 9333+ plugins 

Even with all the irrelevant plugins unchecked...like slackware, 
freebsd, solaris checks etc. 
Network only has windows 2003 
total of 60 hosts 
It's taking me 5-7 hours. 
I'm using three laptops 
 one C800 Dell 
 one D600 Dell 
 one Compaq Presario R3000. 

Is this typical for you all?


I've had some sad scans like this, due to how slow the host responded to 
the packets.  Can you watch the wire and see what your response time is? 
This may help in troubleshooting. 

Jon 




                
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
<http://mail.yahoo.com>  
 <http://mail.yahoo.com> <http://mail.yahoo.com>
_______________________________________________ 
Nessus mailing list 
Nessus@list.nessus.org 
http://mail.nessus.org/mailman/listinfo/nessus
<http://mail.nessus.org/mailman/listinfo/nessus>  
 <http://mail.nessus.org/mailman/listinfo/nessus>
<http://mail.nessus.org/mailman/listinfo/nessus>  









_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

<Prev in Thread]	Current Thread	[Next in Thread>
Nessus taking a long time to scan, Kelly, Jim Re: Nessus taking a long time to scan, Nicolas Pouvesle Re: Nessus taking a long time to scan, Renaud Deraison Re: Nessus taking a long time to scan, Jon Passki Re: Nessus taking a long time to scan, Doug Nordwall RE: Nessus taking a long time to scan, Adam Stern Re: Nessus taking a long time to scan, Dan Muldoon Re: Nessus taking a long time to scan, Dan Muldoon <=

Previous by Date:	Re: No text for security hole., Josh Zlatin-Amishav
Next by Date:	Re: Bad UDP Checksum on Mac Mini running Linux Gentoo, Martin Mačok
Previous by Thread:	Re: Nessus taking a long time to scan, Dan Muldoon
Next by Thread:	No text for security hole., hampton
Indexes:	[Date] [Thread] [Top] [All Lists]