
| Subject: | Re: Nessus :: Port scanners - tcp connect() & SYN scan MISSING |
|---|---|
| Date: | Sat, 12 May 2007 11:10:46 +0200 |

On Sat, 12 May 2007 03:26:28 +0000 "Asterisks *" <asterisks1@hotmail.com> wrote:

> Is it necessary to activate all the port scanners?

Not all of them. But at least one of them, e.g. SYN scan or TCP scan.

> If 1 port scanner can do the job then why do we need so many in the family?

SNMP and netstat can do the job very quickly and safely, but they need credentials on the target, so they may fail. If they succeed, they will return the full list of open ports, as if you scanned 1-65535. If you wanted to restrict your range (e.g. only test your web servers on 80 & 443), then you must disable them.

TCP scan is quick but more resource greedy than SYN scan. It can go mad and slow down considerably in some pathological cases.

SYN scan is slower but its behaviour is more consistent.

Calling external programs (Nmap or Amap) is very expensive (especially Nmap which needs kazillions of memory). Nmap can be horribly slow in pathological cases (TCP scan performs much better); IMHO, there is no need now for it, that's why the wrapper (nmap.nasl) was removed from the plugin feed.

Amap is not a very efficient port scanner, but it has a very good service recognition feature. It is rather intrusive, unfortunately.

If you really want to try one of those, it is better to run them beforehand, save the result to a file, and then import the file into Nessus. However, unless you have very specific needs, you'd better play with the internal scanners.

In short:

- unless you want a restricted port range, enable SNMP and netstat.

Then choose one of the two "active" scanners:

- if you do not have a crazy IPS or a psychotic firewall, or an awfully slow or fragile network, use TCP scan. Otherwise, use SYN scan.

If you are afraid of missing an open port, enable both, but this will be slow.

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus