Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Not Reporting Ports

from [Ferdy Riphagen] Network Security [Permanent Link]
Subject: Re: Not Reporting Ports
Date: Wed, 17 May 2006 21:32:35 +0200 
Ray,

Do you know for sure there are ports open on that system?
Try looking at some interesting ports first. Like smtp/http(s)/ssh etc.
don't use all port at once.

Scan a few ports first, some systems have a blocking function that if
you hit some interessting ports in a short time they block you and
report all ports as filtered/closed, or there is some other protection
in front (IPS).

If nessus doesn't find any ports it will not find any vulnerabilities.

-- Ferdy

Ray DuBose wrote:

Hey,

 

 Fairly new to nessus so be kind.  I have 2 IP’s that I’ve been asked to
scan.  When I run NMAP against them using –sS I get several filtered ports:

 

(The 56612 ports scanned but not shown below are in state: closed)

PORT      STATE    SERVICE

21/tcp    filtered ftp

22/tcp    filtered ssh

23/tcp    filtered telnet

80/tcp    filtered http

137/tcp   filtered netbios-ns

161/tcp   filtered snmp

162/tcp   filtered snmptrap

443/tcp   filtered https

491/tcp   filtered go-login

554/tcp   filtered rtsp

3389/tcp  filtered ms-term-serv

4441/tcp  filtered unknown

4444/tcp  filtered krb524

5350/tcp  filtered unknown

7070/tcp  filtered realserver

8000/tcp  filtered http-alt

8080/tcp  filtered http-proxy

8087/tcp  filtered unknown

8380/tcp  filtered unknown

8480/tcp  filtered unknown

10000/tcp filtered snet-sensor-mgmt

10130/tcp filtered unknown

11889/tcp filtered unknown

 

But when I run a Nessus Scan against the same host I get nothing back
other than a genera/tcp

Information about this scan :

 

Nessus version : 3.0.2

Plugin feed version : 200603211235

Type of plugin feed : Release

Scanner IP : 10.1.11.113

Port scanner(s) : synscan

Port range : 1-65535

Thorough tests : no

Experimental tests : no

Paranoia level : 1

Report Verbosity : 1

Safe checks : yes

Max hosts : 16

Max checks : 10

Scan Start Date : 2006/5/17 13:15

Scan duration : 285 sec

 

And general/UDP that just shows a traceroute to the host. I’m running
Nessus on Fedora Core 5 and this is the latest version of Nessus as I
just built it today.  I’ve tried all the port scanners that are listed
as well as both the Linux Client and the Windows Client. The NMAP was
run from the same Nessus Server.  Am I doing something wrong?

 

Ray

 


------------------------------------------------------------------------

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Not Reporting Ports, Karl Tatgenhorst
Next by Date:  Nessus False Positive, Hany Fawzy
Previous by Thread:  Re: Not Reporting Ports, Karl Tatgenhorst
Next by Thread:  Nessus False Positive, Hany Fawzy
Indexes:  [Date] [Thread] [Top] [All Lists]