Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: After a scan... host is considered as dead.

from [Steve Royer] Network Security [Permanent Link]
Subject: Re: After a scan... host is considered as dead.
Date: Thu, 10 Apr 2008 08:48:23 -0400 
You're right... we found that McAfee Desktop Firewall black list the nessus
server ip because of a tcp scan detection...

Thank you!

Steve


2008/4/8, Rui Chilro <rchilro@fcna.up.pt>:


 Hi there,

This may seem naive but i had a similar problem and found out that the
linux server built additional rules to the firewall to block my nessus
server.

Glad if it help!



Cheers



Rui




 ------------------------------

*De:* nessus-bounces@list.nessus.org [mailto:
nessus-bounces@list.nessus.org] *Em nome de *Steve Royer
*Enviada:* terça-feira, 8 de Abril de 2008 15:33
*Para:* nessus@list.nessus.org
*Assunto:* After a scan... host is considered as dead.



Hello everyone,



Francesco Sottini post a message recently.. I have a similar problem.



Consider a host A (Windows XP) and a nessus server B (installed on Windows
XP).



For the 1st scan of A, everything work correctly... (B ping A and A ping
B)



But subsequently scan of A give me alway the same result "Remote host is
considered as dead..."

I've force Nessus to disable pinging but the result remain the same...



Within a shell on B, I cannot ping A and within a shell on A I cannot ping
B (100% packet loss).



In fact, on A I can ping every server on my network exept where was coming
the first scan (Nessus server)

And on B I can ping every workstation that have'nt been scanned.



I'm using Nessus 3.2.0.



This was a scenario where Nessus server is installed on Windows XP.  The
same result occur for the new Nessus Server rpm 3.0.6 on redhat.



Thank you

Steve






*

*>* On Apr 8, 2008, at 1:57 PM, francesco sottini wrote:
*>*
*>* > Dears,
*>* >
*>* > I am doing an university project and the final goal is to scan 4
*>* > hosts and report all the problems that we meet.
*>* > Well, the 4 hosts are on a private network. to scan them, we have to
*>* > connect with the nessus client to a nessus server and then scan the
*>* > target.
*>* > The problem is that for an host, i obtain always the result:" The
*>* > remote host is considered as dead - not scanning".
*>* >
*>* > I suppose that on that host, declared fromt he professor "an hard
*>* > challenge", there is a kind of IDS or honeypot..
*>* >
*>* > what can i do?
*>*
*>* You can force Nessus to disable pinging the remote host prior to
*>* scanning. Edit your policy -> advanced -> "Ping the remote host" and
*>* uncheck all the boxes (ICMP ping, TCP ping and ARP ping).
 *


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: NSR vs. NBE, George A. Theall
Next by Date:  Re: Nessus 3.2. for windows, Steve Royer
Previous by Thread:  Re: After a scan... host is considered as dead., francesco sottini
Next by Thread:  setsid() function call vulnerability (VU#740619) on OpenVMS, Yanyan Wang
Indexes:  [Date] [Thread] [Top] [All Lists]