Figured out my problem, even though it doesn't make too much sense.
Increasing the timeouts from the defaults and decreasing the max hosts and
max checks back to the defaults let nessus find all the hosts. However, the
scanning machine is a dual p3 on a gigabit connection scanning on the LAN. I
really expected the default timeouts would be okay for this.
Anyway, thanks for a great bit of software.
Andrew
On 7/24/06, Andrew Wang <azuriel@gmail.com> wrote:
Hello again, I have another question for the mailing list.
I have installed Nessus 3.0.3 on FC5, and it's working pretty well. I have
it set up to do an ARP and TCP ping to detect if hosts are dead or alive,
TCP syn port scan, and reading the target ip addresses from a file.
checks_read_timeout is set to 4, plugins_timeout is set to 320.
The problem lies in Nessus not scanning properly when I increase the
number of IP addresses in the target list. An example, using the same
configuration for all:
Scanning 192.168.0.1 to 192.168.0.254 produces
Hosts which were alive and responding during test 19 Number of security
holes found 12 Number of security warnings found 29
Scanning 192.168.1.1 to 192.168.1.254 produces
Hosts which were alive and responding during test 34 Number of security
holes found 27 Number of security warnings found 73
Finally, the mystery. Putting the two lists of IP addresses together, and
scanning 192.168.0.1 to 192.168.1.254 produces
Hosts which were alive and responding during test 21 Number of security
holes found 13 Number of security warnings found 32
I've run these multiple times, and they always produce the same results:
the larger list of IPs produces inferior results compared to the subsets.
Can anyone shine some light on this matter? I can provide configuration
options as needed.
Thanks,
Andrew
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
