
Re: How to use Nessus 3.0.3 (Linux) with Nmap port scanning

Subject: Re: How to use Nessus 3.0.3 (Linux) with Nmap port scanning
Date: Wed, 20 Sep 2006 00:25:05 +0100 (BST)
On Tue, 19 Sep 2006, Michel Arboi wrote:

> On Mon Sep 18 2006 at 14:46, Kostadin Kostadinov wrote:
>
> > I am planning to scan with Nessus 3.0.3 from command line using Nmap
> > port scan results but not the port scanner of Nessus itself.
>
> I'd like to know why so many people still prefer Nmap to the embedded
> scanners.
>
> Some people want to scan UDP ports. However, UDP scanning is
> unreliable, dangerous against broken IP stacks [1] and can be terribly
> slow [2]. If you really need that, you should consider giving Nessus
> proper credentials to access the remote machine and use the SNMP or
> netstat "scanners". They are quick, reliable and not intrusive.
> Plus, keep in mind that Nessus will not use the result from the UDP
> scanner to perform some kind of "find_service". Such a feature is slow
> and dangerous -- most software which implements a UDP-based protocol
> either drops packets that it cannot decode or does seppuku. [3]

Is there a way to enable "find_service" to use UDP results? Believe it or 
not, there are people out there who understand UDP services need to be 
evaluated otherwise you cannot get a full picture of what device is 
running what service. There are devices that people may not be allowed 
local accounts as this can be intrusive or where it's not possible to get 
console.

Based on those comments, Nessus is not giving a true picture and 
personally I find it frustrating not being able to use one piece of 
software to perform a complete and thorough review. And I am sure I am not 
the only one.

It should be possible for those users who properly understand the 
limitations of certain OSes / TCP/IP stacks to be able to get a full 
picture. Otherwise you end up making an unreasonable compromise between 
speed and accuracy.

Cheers,

A.
----



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
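
Added example, not part of the original thread and not Nessus or Nmap code: it reproduces on loopback the behaviour the thread argues about, where a UDP service that drops datagrams it cannot decode looks the same to a generic probe as a filtered port. The `PING`/`PONG` protocol, the function names and the 0.5 s timeout are assumptions made for the demonstration; the closed-port result relies on the local stack returning ICMP port unreachable, as Linux does.

```python
import socket
import threading

def start_udp_service():
    """Constructed loopback UDP service: answers datagrams that start with
    b"PING" and silently drops everything else, as many UDP daemons do."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))           # port 0: let the OS pick a free port

    def serve():
        while True:
            data, peer = srv.recvfrom(2048)
            if data.startswith(b"PING"):
                srv.sendto(b"PONG", peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def closed_port():
    """Return a loopback UDP port that was just released (nothing listens)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port

def probe(port, payload, timeout=0.5):
    """Send one datagram to 127.0.0.1:port and classify what comes back."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.connect(("127.0.0.1", port))       # connected socket: ICMP errors reach recv()
    try:
        s.send(payload)
        s.recv(2048)
        return "open"                    # only a reply proves a listener
    except ConnectionRefusedError:
        return "closed"                  # ICMP port unreachable came back
    except socket.timeout:
        return "open|filtered"           # silence: dropped by the service or a filter
    finally:
        s.close()

def demo():
    _srv, port = start_udp_service()
    return {
        "service, generic payload": probe(port, b"\x00"),
        "service, protocol payload": probe(port, b"PING"),
        "no listener": probe(closed_port(), b"\x00"),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The first case is the one that matters for an assessment: the service is running, yet a payload it cannot decode yields the same verdict as a port behind a packet filter, and every such port costs a full timeout.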
