Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Nessus out of memory/server crash

from [Doty, Timothy T.] Network Security [Permanent Link]
Subject: Nessus out of memory/server crash
Date: Fri, 10 Aug 2007 10:28:46 -0500 
I've been running nessus against systems on our network in a fairly stable
state for almost a year now and am now experiencing problems the most
obvious manifestation of which is the out of memory errors. Checking
nessusd.dump shows messages like:

[26618] internal_send->select (4) timed out after 60 secs (overloaded CPU ?)
[25645] internal_send->select (4) timed out after 60 secs (overloaded CPU ?)
[25675] internal_send->select (4) timed out after 60 secs (overloaded CPU ?)
[26455] internal_send->select (4) timed out after 60 secs (overloaded CPU ?)
[4296] os_send(10) failed -- Broken pipe
[4296] internal_recv_n(10): Error in the middle of a message : Broken pipe
(type=262144)
[26839] os_send(8) failed -- Broken pipe
[26839] internal_recv_n(8): Error in the middle of a message : Broken pipe
(type=262144)
[4296] os_send(10) failed -- Broken pipe
[4296] internal_recv_n(10): Error in the middle of a message : Broken pipe
(type=262144)
[9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.'
[9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.'
[9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.'

Our server is a 3 GHz Xeon with 2GB of memory. As noted it has been running
with the current configuration for nearly a year. Historically it has run
with a load averaging out to around 5 with minimal CPU usage (the CPU is
normally waiting on the network). Currently it quickly escalates until there
are so many scan processes that it dies.

Redhat enterprise 4 (I believe), nessus 3.0.3 (I haven't had time to deal
with getting it upgraded). There isn't much else on the box -- it is
dedicated to the task of network scanning. It does run nmap as well, but
there is almost no overhead due to nmap. Everything is logged in oracle so
there is the overhead of talking to our oracle server.

I believe our server group recently applied security patches to the system,
but I haven't seen any reference to such impacting nessus.

We do use tarpits interspersed throughout our IP address space, but I was
just able to verify that nessus is in fact skipping those (they are in an
exclusion list). It does seem to be taking an inordinate amount of time
(around 11 minutes each) scanning unused IP addresses.

Any thoughts on what could be wrong or to check next?

I do want to upgrade nessus, but will most likely have to wait until the
semester is well under way to have any time for that.

Tim Doty

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus performance on Linux, Richard van den Berg
Next by Date:  Converting nbe to xml error, Jason
Previous by Thread:  Nessus performance on Linux, Richard van den Berg
Next by Thread:  Re: Nessus out of memory/server crash, Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]