Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: plugin 10919

from [Scott Pate] Network Security [Permanent Link]
Subject: RE: plugin 10919
Date: Wed, 11 Apr 2007 11:28:24 -0500 
I am having trouble tracking down the reason why I see this plugin fire
off on almost every scan.  I'm not ruling out anything on my end (T1,
router, firewall...) but I have tried many different options and
scenarios, and still see this plugin, although the results are seemingly
fine otherwise. 

I understand that the plugin gets a list of port from the KB, then
attempts a SYN to those ports, which is very basic. It is difficult to
verify the ports at the exact time the plugin is launched, but I have no
reason to believe the service is being crashed.

Is there a config issue I may be missing, or have others had this
problem as well?

[root@scanner ~]# uname -a
Linux scanner 2.6.18-1.2200.fc5smp #1 SMP Sat Oct 14 17:15:35 EDT 2006
i686 i686 i386 GNU/Linux
[root@scanner ~]# cat /etc/fedora-release
Fedora Core release 5 (Bordeaux)
[root@scanner ~]# NessusClient -h
NessusClient, version 1.0.2.
[root@scanner ~]# nessusd -h
nessusd, version 3.0.5.

thx




-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org] 
Sent: Tuesday, February 20, 2007 12:12 PM
To: Scott Pate
Cc: Nessus@list.nessus.org
Subject: Re: plugin 10919

On Tue Feb 20 2007 at 18:53, Scott Pate wrote:


check_ports.nasl determines a port to be closed, do other plugins 
launch against the port after that


Not relevant, as check_ports.nasl is an "ACT_END", i.e. it runs after
all other plugins. 


Does the plugin determine a port to be closed if it fails to open a 
tcp socket (in which case the port may not be closed), or if it 
receives a RST (in which case the port is most definitely closed)?


It tries to open a connection through the standard API. The port might
be filtered.
  

What would be the implications of disabling this plugin? 


None.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: plugin 10919, Scott Pate <=
Previous by Date:  Re: cannot open libnessus.so.2, Tim Rupp
Next by Date:  Recreate nessusrc files when updating nessus?, Max Andersen
Previous by Thread:  cannot open libnessus.so.2, Tim Rupp
Next by Thread:  Recreate nessusrc files when updating nessus?, Max Andersen
Indexes:  [Date] [Thread] [Top] [All Lists]