Re: plugin 11052

Michel Arboi wrote:
> On Thu Feb 16 2006 at 09:02, Dave King wrote:
>
>   
> > Anyway, using nmap with the -g option I get a result saying the port is
> > filtered.  Also, trying to connect with nc doesn't work either.  Any
> > other ideas of ways to verify this one?
> >     
>
> hping2 -s 20 -p 8888 target
>
> Which version of Nessus are you using, by the way?
>
>
>   
I'm using Nessus 2.2.6.  I've got 3.0.1 installed as well so I can try
scanning with that as well.  hping2 returned 100% packet loss.  This
isn't happening on just one computer on this network either, it's
happening on all of them.  Also the port scan is showing no open ports
(I've used both nmap and Nessus' port scanner for this).  Is it possible
that from a previous test Nessus has established a connection which then
later works for this test somehow?  Also, could it be that this is some
type of honeypot that triggers when Nessus is run?  I kind of doubt the
second one simply because I don't think this company would go to that
much trouble.  I'll try running hping2 while Nessus is running to see if
at any point during the scan it lets packets through.  I'll also run the
scan with 3.0.1.  And I'll also try running just this plugin without a
full scan to see if the alert is still triggered.  Any other things I
should try?

Thanks,
Dave King

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus