Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Varying results from scans

from [Josh Zlatin-Amishav] Network Security [Permanent Link]
Subject: Re: Varying results from scans
Date: Tue, 21 Feb 2006 10:24:13 +0200 (IST) 
On Mon, 20 Feb 2006, Ameet Zaveri wrote:

I am using Nessus 3.0.1 on Red Hat Linux to scan multiple hosts
on a network. The scan is initiated by a shell script running
NessusClient 1.0.0.RC4 (not via GUI). I am getting different
results during different runs on the same hosts. In particular
there are 2 NT 4.0 based web servers which have OpenSSL security
holes. If I run a scan with only a single target host, it seems
to always find (and report) the vulnerability. When I run the
scan with a target list specified in a file - about 10 targets -
it sometimes misses the same vulnerability. I ran a test with a
couple of hosts deleted from the target list and it found the
hole in one of the 2 hosts that are known to have this hole.

How do I go about debugging this situation? In looking at the
message log on the server side I noticed the following. It said
"Not launching openssl_denial.nasl against xx.xx.xx.197 none of
the required tcp ports are open (this is not an error)" for the
host where it did not find the hole. But it said "launching
openssl_denial.nasl against xx.xx.xx.198 [1060]" for the similar
host where it found the hole.


Which port scanner[s] are you using?

--
 - Josh
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Varying results from scans, Ameet Zaveri
Next by Date:  Re: Varying results from scans, Jesper S. Jensen
Previous by Thread:  Varying results from scans, Ameet Zaveri
Next by Thread:  Re: Varying results from scans, Jesper S. Jensen
Indexes:  [Date] [Thread] [Top] [All Lists]