All:
From a Nessus 3.0.6 Direct Feed installation on SuSE 10.2, I ran scans
against a subnet that included Cisco IP conference stations (Model 7936)
and Cisco IP Phones (Model 7961).
Pertinent settings: Port Range: 1-65535; Optimize test: Disabled;
Safe Checks: Enabled; Port Scanners: Ping remote host & Nessus TCP
scanner; Plugins: all local checks disabled; CGI scanning enabled (with
default cgi locations specified); performing only a TCP ping (no ARP or
ICMP).
The result was the the phones all rebooted within the first few seconds
of being scanned and remained inop until the scan had completed. They
finished rebooting and none appear the worse for wear. I opened a
ticket with Cisco, collected Ethereal packet traces for one phone and
one conference station and sent them, along with the Nessus output
files, to Cisco Tech Support. Cisco's reply: Nessus is running checks
for known Cisco problems (Duh!). We (Cisco) "need to know the specific
packet that's causing the phones to reboot so we can determine if it's a
known problem or a new one"! Yes, my support contract dollars at work
(with me doing the work!). Sorry, frustration exceeding maximum limits!
Has anyone had any similar experience (with the phones, not with Cisco
Tech support!) and figued out which check or checks may be causing the
reboot so that I can disable those specific checks? Can I assume that
Nessus runs the checks in the order listed in the .nessusrc file? Since
the phones reboot in the first few seconds, whatever's causing the
problem should be near the top of the list, right?
Thanks in advance.
Larry
"There is no security on this earth, there is only opportunity." -
General Douglas MacArthur (1880 - 1964)
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
