I'm not clear ... did you enable any plugins other than the scanners?
Does the same occur if you do a port scan with something like nmap?
Sorry I didn't make that clearer. I was running all plugins allowed by
safe checks. In addition, I had disabled all local checks for all OS. I
attempted to reproduce the fault with nmap using every scan type. None of
the nmap scans resulted in the phones rebooting.
What I've observed in the past is that enabling the global variable
setting "Thorough tests" can also cause problems because some service
detection plugins will send packets to any port that's flagged as an
unknown service, not just those commonly associated with it.
Thorough checks were not enabled.
You could look in the Nessus server log,
/opt/nessus/var/nessus/logs/nessusd.messages, provided you have
'log_whole_attack' set to 'yes' in Nessus' config file so that you're
logging details of the attack.
Alternatively, you might be able to look at the packet capture you have,
find when a target stops responding, and see what was being sent before
that.
Somehow I knew you were going to say that ;) However, it doesn't hurt to
ask for an easy solution before beginning the brain-numbing task of
parsing .messages or analyzing packet traces!
George
--
theall@tenablesecurity.com
------------------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
End of Nessus Digest, Vol 49, Issue 11
**************************************
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
