Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: scanning multiple hosts

from [darko g] Network Security [Permanent Link]
Subject: Re: scanning multiple hosts
Date: Wed, 12 Dec 2007 19:33:38 -0500 
Ahh, now I understand your situation a little better.

The missed ports sounds like a timeout setting. Are you using Nmap?

If you scan everything and leave it all at defaults -- yes, it will
take forever and produce false positives.  also, you should be
questioning and scrutinizing the nessus results for false positives.

I have found the following works well
- focus & tailor your scans. scanning everything takes forever. what's
the scope of your security report?
- don't scan across network bounderies. nessus generates a lot of
traffic, and if you send it to routers, switches, IDS's, firewalls
e.t.c.  you will discover they will do exactly what they are supposed
to do. might even slow to a crawl or crash and cause a outage in the
process.
- adjust # of hosts and the # of scans settings.

hope this helps.

there is a cool cisco press book (i think it was ciso?) that i read
once that had a chapter on nessus and how to performance tune it.
check the cisco site.



On Dec 12, 2007 3:34 PM, Steve Templists <stemplists@gmail.com> wrote:

Thanks for the reply.

Yes I am running it on one machine.  I understand the desire to distribute
the load, but as a consultant it would be a burden to have to lug around two
machines just to run a scan.  As it is we have to use one box for some of
our Windows based tools and one for linux.  Anyone else run into this?




On Dec 12, 2007 3:26 PM, darko g <d.gavrilovic@gmail.com> wrote:


Whats your setup? Just one machine as a scanner & client? not gonna
cut it. you need to distribute it.





On Dec 12, 2007 2:52 PM, Steve Templists <stemplists@gmail.com> wrote:

I've been a nessus user for years, but I have getting horrible results
recently when scanning more than one host at a time.

When scanning multiple hosts, the scanner will completely miss open

ports,

or it will see the port as open during the port scan, but then report

that

the port "was open but is now closed".  I have had this problem on

numerous

installations recently, all using the latest rpm for suse 10 and the

latest

nessus-client version.  The scans I am performing are using the default

scan

policy, the default port range, and the default scan options.

If I scan one host at a time I get "more reliable" results.  Although

I'm

questioning any results I get.  And scanning a class C is very time
consuming when starting one host at a time.

Not sure if anyone else has had issues and/or has any ideas.

Oh, and my hardware is new too so I don't think its a processor/memory
problem.

Thanks for any feedback.  I sure hope I'm missing something easy.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus





--
cheers,
dg




_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus





-- 
cheers,
dg
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Adding tags to the XML output, Ron Gula
Next by Date:  Re: Web Front for Nessus, darko g
Previous by Thread:  Re: scanning multiple hosts, Steve Templists
Next by Thread:  Re: scanning multiple hosts, James Birk
Indexes:  [Date] [Thread] [Top] [All Lists]