

RE: How to use Nessus 3.0.3 (Linux) with Nmap port scanning

Subject: RE: How to use Nessus 3.0.3 (Linux) with Nmap port scanning
Date: Thu, 21 Sep 2006 08:02:06 -0700
 

-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org] 
Sent: Thursday, September 21, 2006 7:43 AM
To: Nordwall, Douglas J
Cc: nessus@list.nessus.org
Subject: Re: How to use Nessus 3.0.3 (Linux) with Nmap port scanning

<snip nice bit on configuring scans>

Thanks. One nice thing about explanations like this is that they are
most useful when they get into Google and other folks can look them up
as well.

I needed very slow scans (on the order of no more than 5 ports in 5
minutes) to bypass the countermeasures.

This means that you'll need 65535 min = 1092.25 h = 45.5 days 
to run a full port scan. Is this acceptable? I don't think so.


I am not scanning all those ports. Certainly, I would not consider doing
a slow scan for 65k ports. Even the polite setting in nmap would take 8
hours. However, a few targeted ports that you suspect are open are
handy for bypassing certain things.

Maybe ask Fyodor what they did to compensate for the problems you are
concerned about?

I nearly never scan *my* network. My experience comes from different
networks on my customers' sites. Many of them are a mix of quick LAN,
overloaded links or routers, slow leased lines or high latency satellite
based WAN. Scans often run more than a day and the network load is
concentrated during the working hours (or at least, the nature of the
traffic changes in the evening). That's why I needed an adaptive tool!
It would be great if this scanner could also suit your needs, but I am
afraid that your requirements are too strict.


First off, I didn't mean to denigrate your experience. I have no doubt
that yours is broader than mine in many areas.

Actually, Nessus does suit my needs for most every situation, including
this network. We use it hourly. However, occasionally, we have a tough
nut to crack and need to pull out a different tool.

I know fairly well, and have access to exactly what's happening on it,
I can make those determinations in other ways.

Maybe Nessus SYN scanner would be better for you? It is slower but its
behaviour is more regular, IIRC.


We use it :)

You asked why people prefer to use nmap instead of the built in.

I see. I am still surprised by your figures.


Really, I don't claim that this is best for everyone. Indeed, if I was
less involved in this work, I would not have a need. 

-- 
http://arboi.da.ru/                   http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645  2E1A 1320 924F 0BBA BA91

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
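The thread argues about the wall-clock cost of the "low and slow" approach: at one probe per minute a full 65535-port sweep takes 45.5 days, which is why Nordwall only applies the slow pacing to a handful of ports he already suspects are open. The script below is an added illustration, not code from the thread, from Nessus or from nmap: it implements the same idea as a plain TCP connect probe with a fixed delay between probes and a randomized port order, and it computes the time budget for a given port count and delay so the 45.5-day figure (and the roughly 7 to 8 hour figure for nmap's polite template, which inserts a 0.4 s delay between probes) can be checked. The target in `local_demo()` is constructed inline (one listening socket and one closed port on 127.0.0.1) so the code runs offline; the `slow_scan`, `probe`, `scan_budget` and `local_demo` names are this example's own. In nmap the equivalent of the per-probe delay is `--scan-delay`, combined with an explicit `-p` port list.

```python
"""Low-and-slow TCP connect scan of a few targeted ports (added example)."""
import random
import socket
import time
from typing import Dict, Iterable, Optional, Tuple


def scan_budget(port_count: int, seconds_per_port: float) -> Dict[str, float]:
    """Wall-clock cost of probing port_count ports with a fixed per-probe delay.

    scan_budget(65535, 60) reproduces the thread's 1092.25 h / 45.5 day figure.
    """
    total = port_count * seconds_per_port
    return {
        "seconds": total,
        "minutes": total / 60,
        "hours": total / 3600,
        "days": total / 86400,
    }


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Single TCP connect probe. Returns 'open', 'closed' or 'filtered'.

    A completed handshake means open; an immediate RST (ConnectionRefusedError)
    means closed; a timeout or other socket error is reported as filtered,
    which is what a drop rule or a rate limiter that has kicked in looks like.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        sock.close()


def slow_scan(host: str, ports: Iterable[int], delay_seconds: float,
              rng: Optional[random.Random] = None,
              timeout: float = 2.0) -> Dict[int, str]:
    """Probe the given ports one at a time, sleeping delay_seconds between probes.

    The port order is shuffled so the probes do not walk a predictable sequence;
    pass a seeded random.Random for reproducible runs.
    """
    order = list(ports)
    (rng if rng is not None else random).shuffle(order)
    results: Dict[int, str] = {}
    for i, port in enumerate(order):
        if i:  # no delay before the first probe
            time.sleep(delay_seconds)
        results[port] = probe(host, port, timeout)
    return results


def local_demo(delay_seconds: float = 0.0) -> Tuple[Dict[int, str], int, int]:
    """Constructed target: one listening socket and one closed port on loopback.

    Returns (results, open_port, closed_port). The delay defaults to zero here
    only so the demo finishes instantly; a real slow scan would use e.g. 60.0.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # Bind and immediately release a second ephemeral port so we know a port
    # that is currently closed (connects to it get RST).
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        results = slow_scan("127.0.0.1", [open_port, closed_port],
                            delay_seconds, rng=random.Random(0))
    finally:
        listener.close()
    return results, open_port, closed_port


if __name__ == "__main__":
    budget = scan_budget(65535, 60)
    print("65535 ports at 1/min: %.2f h = %.1f days" % (budget["hours"], budget["days"]))
    budget = scan_budget(5, 60)
    print("5 targeted ports at 1/min: %.0f minutes" % budget["minutes"])
    results, open_port, closed_port = local_demo()
    for port in sorted(results):
        print("127.0.0.1:%d %s" % (port, results[port]))
```

Running it against the constructed loopback target reports one open and one closed port; the budget lines show why the pacing is only affordable when the port list is short.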
