Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

significance of ping_host in nessusrc

from [Scott Pate] Network Security [Permanent Link]
Subject: significance of ping_host in nessusrc
Date: Tue, 18 Jul 2006 08:12:21 -0500 
I am not sure if this problem is new to the 3.x version, as I don't
remember having it in the past, but I have recently been forced to use
the GUI for running nessus, as I don't seem to get consistent results by
editing .nessurc and running in batch mode (which I would very much
prefer to do)
 
I'm running nessus 3.0.1 on Fedora core 4 using NessusClient, using
these cmd line options:
[root@localhost ~]# NessusClient -T nbe -c /root/.nessusrc -qx localhost
1241 user user /root/testtarget /tmp/testnessus/third.nbe

 
I initially ran NessusClient to build the .nessusrc file, and then
edited it by hand, my problems follow:
 
(problem 1)

My goal was to configure nessus not to ping the remote host, so I set
'ping_hosts = no' in the .nessusrc.  By running a packet sniffer I could
see that nessus actually did ping the remote host.  After some
investigation, I learned that 'ping_host' seems to have no effect, and
it is the actual plugin in the .nessurc file which determines whether
the host is ping'd.
 
What I found was that setting either plugin 10180 (ping host) or 11219
(syn scan) to yes would cause nessus to ping the remote host, regardless
of the value of 'ping_host'.  So what is the significance of
'ping_host'?
 
 
(problem 2)
 
With these settings:
 
++++++++++++++++++++++++++++++++++++++++++++++++++++
Ping the remote host[entry]:TCP ping destination port(s) : = 1-3000
Ping the remote host[checkbox]:Do a TCP ping = no
11219 = yes 
 
nessus scans the port range 1-3000.
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++
 
Ping the remote host[entry]:TCP ping destination port(s) : = 1-3000
Ping the remote host[checkbox]:Do a TCP ping = yes
11219 = no 
 
only first digit is recognized in port range (port 1)
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
Ping the remote host[checkbox]:Do a TCP ping = no
10180 = yes
11219 = no
 
ping_host.nasl runs, and then plugins start to run as well, even though
there was no response from ping.
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 
My frustration lies in the fact that I can't seem to trust the settings
I edit in the .nessusrc file.  I would ideally like to edit server
setting/preferences, without having to know the purpose and value of
each plugin.
 
I have searched through the archives, and looked on the web site, but
none of the documentation I have found is detailed enough.  I there
documentation on the sections of the config file, and the implications
of the settings contained within
 
 
thanks.  I can provide a .nessurc file if you would like
 
Scott Pate

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: nessus-update-plugins failing, Eleanor Blair
Next by Date:  Re: Problem Running the Nessus Client, George A. Theall
Previous by Thread:  compliance checks, Matthias Heinrich
Next by Thread:  Re: significance of ping_host in nessusrc, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]