Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Several Service Stopped Responding results on busy servers?

from [Steven Adair] Network Security [Permanent Link]
Subject: Re: Several Service Stopped Responding results on busy servers?
Date: Fri, 27 Apr 2007 11:59:27 -0500 (EST) 
Well this would make sense if you were scanning client machines without
firewalls or a server that responds on one port than opens up other ports
for various communication.  If a user were to browse to various websites,
they might have a slew of random open ports (they'll probably be
relatively incremental if it's the same program).  These will change
during the session and will close when their session ends.  You might just
be seeing this.

Steven


I've noticed when scanning "busy" targets with many active TCP
connections, that I'll see on some of these hosts, findings that a service
stopped responding after a prior successful attempt.

In remediation, the port referenced in the report is no longer available,
checked both on the host, and from different host, attempting to connect
to that port.

So I'm wondering if Nessus may have found a port open that was being used
for communication to a 3rd client PC, and the port was closed at the end
of the session with the 3rd client PC, so Nessus, seeing the port
disappear, flagged it as a possible DoS, when it was just a normal
communication channel that ended/closed between the target server and a
3rd client.

Make sense?  Possible?

Thanks,
Mike_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Several Service Stopped Responding results on busy servers?, Mike . Vasquez
Next by Date:  Re: Function solaris_check_patch has no argument version, George A. Theall
Previous by Thread:  Several Service Stopped Responding results on busy servers?, Mike . Vasquez
Indexes:  [Date] [Thread] [Top] [All Lists]