On Wed Sep 20 2006 at 18:33, Douglas Nordwall wrote:
Well, for me, the sheer configurability of it is the best part. Speed
isn't always what you are after, and just this morning, speed was the
enemy. We had a box that had countermeasures on it, and we had to
move slow to not trigger them. I didn't see an option for this on the
built in scanner.
safe_checks && max_checks=1 gives the lowest speed.
(! safe_checks) && max_checks>=5 gives the highest speed.
I also like the ability to control port scan randomization
We may introduce some trick against *basic* portscan detection, but
probably not randomization, because it might lead to erratic
problems.
and very fine grained control of the timing.
Fine grained control is the enemy of adaptability. Maybe I did not
find a single box with anti-portscan countermeasures, but I scanned
many boxes on unreliable links or loaded networks. In such cases, the
scanner has to slow down when it starts losing packets, and speed up
later. nessus_tcp_scanner does this rather well; in fact much better
than any other port scanner I tried.
Part of it, I imagine is because we really like nmap and there is a
mental "this is the best port scanner
This sounds more like marketing than technique to me.
Anyway, I do not see where the problem is.
nmap.nasl has always been available, and the import function works
fine and does not need to be updated everytime a new option pops
up. Running Nmap from inside Nessus is definitely a bad idea, for
reasons that are written on the web site.
--
http://arboi.da.ru/ http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
