Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Empty reports vary whether host is in same LAN than Nessus or not

from [Federico Petronio] Network Security [Permanent Link]
Subject: Empty reports vary whether host is in same LAN than Nessus or not
Date: Wed, 17 Jan 2007 15:23:26 -0300 
Hello list,

I would like to ask about a behavior I found in Nessus and that I am not
sure if it is the expected.

I am running Nessus 3.0.4 over Linux Debian 3.1 (Sarge) and setup two
different scans, (1) with a target in the same network that the Nessus
engine and the other (2) with the target in a different network. Both
target IPs are not in use, so Nessus will get no answer at all from any
of them.

After running the scans and getting the results in XML format I found
that the <results></results> section is completely empty for scan (2)
but for the scan (1) I get:

        <results>
        <result>
        <host name="10.1.0.201" ip="10.1.0.201"/>
                <date>
                        <start>Wed Jan 17 09:56:04 2007</start>
                        <end>Wed Jan 17 09:56:11 2007</end>
                </date>
        <ports>
                <port protocol="tcp">
                        <service name="general/tcp" method="nessus"
conf="3" />
                        <information>
                                <severity>Security Note</severity>
                                <id>10180</id>
                                <data>The remote host is considered as
dead - not scanning</data>
                        </information>
                </port>
        </ports>
        </result>
        </results>


Do you know why the difference? I guess it has to be with the fact that
the result for pinging both host is not the same: not event the ARP
request is answered for the local host, but packets to remote host are
directly sent to the default gateway.

I would like to get the same results for both cases, is that possible
with some configuration change?

Thank you!
-- 
                                        Federico Petronio
                                        petrus@activesec.biz
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Scanning Win2k with Nessus, Beau Nuanes
Next by Date:  Re: Empty reports vary whether host is in same LAN than Nessus or not, Renaud Deraison
Previous by Thread:  Nessus 3.0.5 released, Renaud Deraison
Next by Thread:  Re: Empty reports vary whether host is in same LAN than Nessus or not, Renaud Deraison
Indexes:  [Date] [Thread] [Top] [All Lists]