
Re: returns empty report

Subject: Re: returns empty report
Date: Fri, 22 Sep 2006 16:08:35 -0600
On Wed, Sep 13, 2006 at 07:42:11PM -0400, George A. Theall (theall@tenablesecurity.com) wrote:
> On Wed, Sep 13, 2006 at 03:47:49PM -0600, Ken Dyke wrote:
>
> > We have a number of hosts where a service has been moved to a different
> > port.  For example, a host with ssh server listening on port 10022 (it
> > happens that it is the only port open on that host).  Even if I
> > specifically tell nessus to scan that port it still returns an empty
> > report.
>
> Is plugin #10180, ping_host.nasl, being run? Check the nessusd.messages
> log; it might be even if you haven't enabled it explicitly since it's a
> dependency on a number of scanners. If it is and you're using TCP pings
> (the default), make sure you include 10022 for the preference "TCP ping
> destination port(s)". Otherwise, the ping scanner will mark the host as
> dead since, in this case, no other ports are open and Nessus will not
> bother scanning it any further.

Set up details:
  nessusd=nessus-2.2.8 OS=coreOS (Linux)
  client machine is Fedora Core 5 nessus-client-2.2.7 nessus-gui-2.2.7

On "Scan Options" tab entered 10022 in port range field.
Only "Port scanner" checked is "Nessus TCP scanner".
Even though nessusd gets an ack from the target it still concludes that
it is dead.  :-(

relevant tcpdump lines:
[...]
15:58:51.197946 IP xxx.xxx.xxx.xxx.41785 > nnn.nnn.nnn.nnn.10022: F 1:1(0) ack 1 win 5840 <nop,nop,timestamp 130843319 148508320>
15:58:51.207297 IP nnn.nnn.nnn.nnn.10022 > xxx.xxx.xxx.xxx.41785: P 1:25(24) ack 1 win 5792 <nop,nop,timestamp 148508321 130843319>
[...]

nessusd.messages
[Fri Sep 22 15:58:47 2006][4885] user ken_i_m : session will be saved as /usr/lib/nessus/users/ken_i_m/sessions/20060922-155847-index
[Fri Sep 22 15:58:50 2006][4885] user ken_i_m starts a new scan. Target(s) : nnn.nnn.nnn.nnn, with max_hosts = 20 and max_checks = 4
[Fri Sep 22 15:58:50 2006][4885] user ken_i_m : testing nnn.nnn.nnn.nnn (nnn.nnn.nnn.nnn) [6367]
[Fri Sep 22 15:58:51 2006][6367] user ken_i_m : The remote host (nnn.nnn.nnn.nnn) is dead
[Fri Sep 22 15:58:51 2006][6367] Finished testing nnn.nnn.nnn.nnn. Time : 0.65 secs
[Fri Sep 22 15:58:51 2006][4885] user ken_i_m : test complete
[Fri Sep 22 15:58:51 2006][4885] Total time to scan all hosts : 4 seconds
[Fri Sep 22 15:58:51 2006][4885] user ken_i_m : Kept alive connection
-- 
I reason and act, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
Founder, Helena Linux Users Group
(406) 581-0495
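
An added example, not part of the original thread and not Nessus code: a small parser for the nessusd.messages format quoted above that lists hosts the ping step marked dead, which is the condition behind the empty report. The sample log is constructed (placeholder addresses, one entry per line), and the function and field names are hypothetical.

```python
import re

# Constructed sample in the nessusd.messages format shown in the post
# (placeholder documentation addresses, one entry per line).
SAMPLE_LOG = """\
[Fri Sep 22 15:58:50 2006][4885] user ken_i_m : testing 192.0.2.10 (192.0.2.10) [6367]
[Fri Sep 22 15:58:51 2006][6367] user ken_i_m : The remote host (192.0.2.10) is dead
[Fri Sep 22 15:58:51 2006][6367] Finished testing 192.0.2.10. Time : 0.65 secs
[Fri Sep 22 15:59:02 2006][4885] user ken_i_m : testing 192.0.2.20 (192.0.2.20) [6401]
[Fri Sep 22 16:01:40 2006][6401] Finished testing 192.0.2.20. Time : 158.12 secs
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<pid>\d+)\] (?P<msg>.*)$")
DEAD = re.compile(r"The remote host \((?P<host>[^)]+)\) is dead")
DONE = re.compile(r"Finished testing (?P<host>\S+)\. Time : (?P<secs>[\d.]+) secs")


def hosts_marked_dead(log_text):
    """Return {host: {"pid", "marked_dead_at", "scan_secs"}} for hosts dropped as dead."""
    dead = {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # wrapped continuation lines or unrelated text
        m = DEAD.search(entry["msg"])
        if m:
            dead[m["host"]] = {"pid": int(entry["pid"]),
                               "marked_dead_at": entry["ts"],
                               "scan_secs": None}
            continue
        m = DONE.search(entry["msg"])
        # Attach the duration only when the same per-host process logged both lines.
        if m and m["host"] in dead and dead[m["host"]]["pid"] == int(entry["pid"]):
            dead[m["host"]]["scan_secs"] = float(m["secs"])
    return dead


if __name__ == "__main__":
    for host, info in hosts_marked_dead(SAMPLE_LOG).items():
        print(f"{host}: marked dead at {info['marked_dead_at']} after "
              f"{info['scan_secs']} s; check the 'TCP ping destination port(s)' preference")
```
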