
| Subject: | Nonscientific comparison of Safe Checks, Port Range, and Paranoid Options |
|---|---|
| Date: | Fri, 14 Sep 2007 12:38:51 -0700 |

I was curious as to the results of using or not using the following: Safe Checks, Paranoid, and "default" vs "1-65535" port range for scanning.

Against 2 servers, I had the following results, against Windows servers, with a Windows Nessus 3.06 installation, registered plugins, updated today.

With the presumption that a Paranoid, Safe Checks OFF scan would produce more data, I ran this test against 2 servers, once with default ports, one with 1-65535.

Test 1: Paranoid ON, Safe Checks OFF, Default VS 1-65535

Result: More ports were found open in the full port range scan vs default: to be expected. No additional vulnerabilities were reported, however, so the additional port range *in this case* only increased scan time, without providing useful information.

Test 2: Ports 1-65535, Safe Checks OFF: Paranoid vs Normal (Not paranoid)

Paranoid resulted in a false positive WinSyslog (Plugin ID 11884) identification, and a false positive related to a Cisco Switch vulnerability (10682). Interestingly, the Normal test showed a false positive that Paranoid did not have, related to CON/AUX in http servers (10930). All except the Syslog were related to HP Insight Manager ports. Results were the same on both machines.

Test 3: Ports 1-65535, Not Paranoid, Safe vs. Not Safe:

The reports were identical, except, similar to above, Safe Checks OFF showed a false positive that Safe Checks ON did not have, related to CON/AUX in http servers (10930).

So, in my case: Safe Checks, Normal produced the most reliable results. Default vs 1-65535 simply increased the scan time, but did not provide additional useful information -- though it's highly conceivable it might on different systems.

Event logs were checked and no reboots, system crashes, application hangs, or other problems were identified during any of the testing.

Would be interested in hearing results of similar testing by others.

Thanks,
Mike

_______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus