Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Nessus 3.0.3 scan abends Btcpcom.nlm

from [Joel Elwell] Network Security [Permanent Link]
Subject: Re: Nessus 3.0.3 scan abends Btcpcom.nlm
Date: Fri, 15 Sep 2006 11:49:13 -0400 
Thanks for your response,
You are correct, our previous version was 2.2.6, and we are indeed using 
nessus_tcp_scanner.
Max_check is set for 5.
Since I have inherited the scanning from a former co-worker, I may easily have 
different settings than prevous. (I did attempt to keep as many the same as 
possible.)
I'll look into the possiblity of Netware using a type of RST rate limitation, I 
am uncertain at this time.
I can apreciate your comment about Netware. I should be able to setup a test 
using your suggestion about reducing max_checks or switching to Nessus SYN 
scanner instead of the TCP scanner.

Thanks,
                Joel



Michel Arboi <mikhail@nessus.org> 9/15/2006 10:57 AM >>>

On Fri Sep 15 2006 at 16:23, Joel Elwell wrote:


After updating (uninstall old, clean install new) from Nessus 2.6


I suppose that you mean 2.2.6. And that you are using nessus_tcp_scanner.


Safe checks were enabled and port scanning was enabled.


Which was the value of max_checks ("Number of checks to perform at the
same time")?


This approach worked ok with (no NetWare abends) using our previous
version of Nessus. 


There have been several modifications in nessus_tcp_scanner since 2.2.6. 
The most noticeable one is an improvement of scan time against
machines which implement RST rate limitation (mainly BSD). If Netware
uses such a trick, Nessus 2.2.8 or 3+ will be much more aggressive
against it. If not, the behaviour should be unchanged and maybe you'll
have to check your parameters (you may have changed some of them when
you switched from 2.x to 3.x)


I have yet to find any pattern to pursue


Concerning Netware itself, I cannot help you. You are not the first
one to report such problems.
Meanwhile, you could try to reduce max_checks or even switch to Nessus
SYN scanner instead of the TCP scanner.

-- 
http://arboi.da.ru/                     http://ma75.blogspot.com/ 
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645  2E1A 1320 924F 0BBA BA91

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus 3.0.3 scan abends Btcpcom.nlm, Michel Arboi
Next by Date:  plugin 22194 - potential false positive?, how2 vuln
Previous by Thread:  Re: Nessus 3.0.3 scan abends Btcpcom.nlm, Michel Arboi
Next by Thread:  plugin 22194 - potential false positive?, how2 vuln
Indexes:  [Date] [Thread] [Top] [All Lists]