At 02:58 PM 9/21/2006, Engstrom, Glenn E \(Glenn\) wrote:
Is there a maximum number of targets that can be specified to be
scanned?
Does this vary by Nessus version? Is there a maximum for what
can be specified in NessusWX?
I normally use nessusWX to submit my scans to a server running Nessus.
Just am curious if there is a max number of IP's. Would that be
different if subnets using CIDR notation were specified? Or is it just a
specific number of entries that can be used?
Is a 1,000 too many? What about 100,000?
Hi Glen,
If you are scanning an entire network, CIDR notion makes your target
file smaller and more efficient, but doesn't really have impact on
the Nessus scanning engine. Aside from that though, the Nessus engine
will try to scan what you give it. Your question does make me think
of some other points which should be of interest to the list.
We're running into less and less people using Nessus 2. If you are
scanning 100k IPs you will get a significant increase in performance
by using Nessus 3. You can read more details about the speed-up
here:
http://www.nessus.org/documentation/index.php?doc=nessus3
Tenable has a lot of experience with customers scanning 100k IPs
with the Security Center. Some of these customers use multiple Nessus
scanners which can reduce the scan time dramatically. Scan time
reduction is reduced because there is load balancing and also an
opportunity to put scanners closer to their scanned networks.
Lastly, as far as scan configuration, you should likely be performing
this scan with safe_checks enabled. This will decrease your scan time.
We did a BLOG entry on that topic last week:
http://blog.tenablesecurity.com/2006/09/understanding_t.html
Ron Gula, CTO
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
