Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Nessus :: Port scanners - tcp connect() & SYN scan MISSING

from [Asterisks *] Network Security [Permanent Link]
Subject: RE: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
Date: Fri, 11 May 2007 11:42:49 +0000
hi George,
I'm running with NessusWX 1.4.5 and couldn't find this option "Consider unscanned ports as closed" which you mentioned. Is there a similar setting in NessusWX?

Actually I do not use/enable KB on my nessusd.

I read that Nessus is intelligent to seek out the vulnerability for only those services running on opened ports based on the services plugins. I was curious and disabled the port scanners family and enabled services plugins. It still managed to determine the services on the target hosts.

- Does it mean that Nessus is relying on other internal port scanner (other than port scanner family) to identify the open ports before launching the services plugin to determine the service?
- Or that the services plugins invoke a different set of port scanners to perform its tasks?

thanks for your advice!



***************************************************
From: "George A. Theall" <theall_at_tenablesecurity.com>
Date: Thu, 10 May 2007 10:09:06 -0400
References: <BAY127-F37FCFB54DDD3DCB4CF6A508D3A0_at_phx.gbl>

On 05/10/07 06:54, Asterisks * wrote:

- I did 2 tests by disabling the port scanner plugin family( the 2 plugin were missing then) and later >enabling the family. there is no difference in the results were identical. I'm not sure why this is so. Am I missing something here?


Perhaps "Consider unscanned ports as closed" was not checked. Perhaps the configuration >>retrieves info on ports from the KB... It's hard to say with the info you've provided. 

George
--
theall_at_tenablesecurity.com




From: "Asterisks *" <asterisks1@hotmail.com>
To: nessus@list.nessus.org
Subject: RE: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
Date: Thu, 10 May 2007 10:54:58 +0000

Hi George,
My nessusd is v3.0.2 for linux. I've tried copying the missing *.nes files to the plugin folder and it seemed to work fine. THANKS!!!!

I'm curious, previously when these 2 port scanners were not inlcuded in the port scanner family, I still managed to scan and the results showed ports that were opened. But the report did not specified that port scanners were used (until i included these 2 missing scanner, it stated only these 2 as the port scanners being used though I've enabled all port scanners).

Just puzzled :-
- Aren't the rest of the port scanner plugins in the port scanner family considered as Port Scanner as well?
- I did 2 tests by disabling the port scanner plugin family( the 2 plugin were missing then) and later enabling the family. there is no difference in the results were identical. I'm not sure why this is so.
Am I missing something here?

Thanks for your advice.







***************************************************************
From: "George A. Theall" <theall_at_tenablesecurity.com>
Date: Wed, 09 May 2007 12:27:41 -0400
References: <BAY127-F17D4A0625D9D3D10CAC0618D3B0_at_phx.gbl>
--------------------------------------------------------------------------------
On 05/09/07 01:28, Asterisks * wrote:

No they were not available previously.

Which platform and version of the Nessus server are you using? How did you install it? 


These are the port scanner plugins available in the list:
Nessus SNMP scanner
Ping the remote host
scan for Labrea
exclude top level domain wildcard host


These are all plugins written in NASL; the two you're missing are in C.


there is no *nes file in the plugin directory in the nessusd host. what er these *nes files? Can I add them in manually?


*.nes are compiled versions of C plugins. You're best bet for recovering them is to re-install / >upgrade Nessus and then update your plugins. 


George
--
theall_at_tenablesecurity.com






From: "Asterisks *" <asterisks1@hotmail.com>
To: nessus@list.nessus.org
Subject: RE: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
Date: Wed, 09 May 2007 05:28:59 +0000


Hi George,
No they were not available previously.

These are the port scanner plugins available in the list:
Nessus SNMP scanner
Ping the remote host
scan for Labrea
exclude top level domain wildcard host

there is no *nes file in the plugin directory in the nessusd host. what er these *nes files?
Can I add them in manually?

Thanks for your advice

--------------------------------------------------------------------------------------------------------
Subject: Re: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
From: "George A. Theall" <theall_at_tenablesecurity.com>
Date: Tue, 08 May 2007 20:44:06 -0400
References: <BAY127-F11F2D923C3F0361132438B8D440_at_phx.gbl>

Were these scanners available before you updated your plugins?

In NessusWX, when you group plugins by Family in the plugin list (F8), what plugins if any are listed in "Port scanners"?


Do you have any files matching "*.nes" on the nessusd host in the plugins directory? If not, you probably need to re-install Nessus on the server.

George
--
theall_at_tenablesecurity.com




From: "Asterisks *" <asterisks1@hotmail.com>
To: nessus@list.nessus.org
Subject: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
Date: Tue, 08 May 2007 04:15:47 +0000

Hi
I've read about Nessus built-in port scanner tcp connect() scan (plugin 10335) but after downloading the latest plugin from Nessus onto my Nessusd server (restarted daemon service) and reconnecting with NessusWX, I'm unable to locate this plugin in NessusWX.
SYN Scan (plugin 11219) is also not found.

Can anyone advise?

thanks,
Tony

_________________________________________________________________
PC Magazine?s 2007 editors? choice for best Web mail?award-winning Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_pcmag_0507


_________________________________________________________________
Catch suspicious messages before you open them?with Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_protection_0507


_________________________________________________________________
PC Magazine?s 2007 editors? choice for best Web mail?award-winning Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_pcmag_0507


_________________________________________________________________
Make every IM count. Download Messenger and join the i?m Initiative now. It?s free. http://im.live.com/messenger/im/home/?source=TAGHM_MAY07

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PLUGIN HELP [nes #BFP-98828-930], John Scherff
Next by Date:  Re: Filter query, Steven McIntosh
Previous by Thread:  Re: Nessus :: Port scanners - tcp connect() & SYN scan MISSING, George A. Theall
Next by Thread:  Re: Nessus :: Port scanners - tcp connect() & SYN scan MISSING, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]