Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: scanning multiple hosts

from [Sam Stern] Network Security [Permanent Link]
Subject: RE: scanning multiple hosts
Date: Thu, 13 Dec 2007 15:58:48 -0500 



-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-
bounces@list.nessus.org] On Behalf Of Ron Gula
Sent: Wednesday, December 12, 2007 4:59 PM
To: nessus@list.nessus.org
Subject: Re: scanning multiple hosts

Hi Steve,

Is your SuSE Nessus scanner running natively on your laptop or is it
running in a VM of some sort?

Are you scanning over wireless, through a firewall (either on your
machine or your network), through a NAT or so on? Is there an IPS in
the
middle that is preventing Nessus from performing a scan?

Are the targets you are scanning very busy, VM images or in any other
way having I/O, CPU or memory usage issues during the scan. Scanning a
host that periodically goes to 100% CPU usage won't return reliable
port
scans or scan results.

During the scan, does your laptop experience high CPU usage or high
memory usage?

Ron Gula
Tenable Network Security




This is a key Question. I'm using a Dell Vostro 1500 (Core Duo 2.2ghz, 2gb
Memory, 120 GB hard drive,gigabyte nic). After some light load testing, 5
Ip's at a time and 15 tests at a time seems to be a good mix. You should
load test the laptop on a known lan. Start with 2 hosts, 10 tests. Goto 5
hosts and increase the tests to 15-20 then add one more host at a time --
making small changes and keeping an eye on cpu and i/o use. never let either
get above 50%. Once you hit 45% - 50% resource use, that's the capabilites
of the laptop. MAke a point to disable indexers etc. that a re running on
the system. Also, test with and without the server "be nice" option. Also,
it really helps to be using kernels about 2.6.15 due to some really nice
changes in how concurrent i/o is handled via the scheduler.

If you need to make a small test lan, grab 4 boxes running 4 Vmware server
VM's of a fully loaded install of a recent oss OS like Suse (all packages)
with the VM tools installed and servers turned on. Assign each VM a random 5
ip's and watch Lots of reports from finger, talk etc come in formt he now
phoney 16 hosts running a total of 80 ip's. You can scal e this test
environment as you wish -- even with one box hosting 127 ip's etc.


Sam S.





_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Validation, George A. Theall
Next by Date:  Re: Validation, George A. Theall
Previous by Thread:  Re: scanning multiple hosts, Ron Gula
Next by Thread:  Web Front for Nessus, Yanyan Wang
Indexes:  [Date] [Thread] [Top] [All Lists]