Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Remote host dead?

from [Roman Medina-Heigl Hernandez] Network Security [Permanent Link]
Subject: Re: Remote host dead?
Date: Tue, 24 Jun 2008 10:14:21 +0200 
George A. Theall escribió:

On Jun 23, 2008, at 6:39 PM, Roman Medina-Heigl Hernandez wrote:


Btw, the "do not scan fragile
devices" will only appear if you create a new policy. Why doesn't it  
appear
when editing default scan policy?


It's a known issue, I'm afraid.


Another Windows issue (I guess): If I create a new policy, and enter 
"credentials", the window gets screw (same text is duplicated upper and 
down, using "half" a font :)).


I disabled the ping scan and it didn't work either. But... I  
reenabled ping
and check icmp ping in advanced options, and now it worked!! I  
suppose that
Nessus marks a host as dead if all tests failed, and now that icmp  
ping is
being checked, the host is no longer mark as dead... is it right?

Anyway, I'm still a bit confused because letting only marked the  
"Nessus
TCP scanner" option (thus ping scanner disabled), and changing "port
scanner range" from "default" to 1-65535, the host is still being  
marked as
dead. What's the exact algorithm to mark a host as dead?


Hmm, my advice wasn't totally correct. If you're enabling plugin  
dependencies (which you almost certainly want to do), ping_host.nasl  
will get run anyway. The correct solution for disabling the ping  
scanner is to uncheck all the boxes (ICMP ping, TCP ping, and ARP ping).


Qs:

1.- If I check the three marks (icmp, tcp, arp), I suppose the host will 
only be detected as dead when the three tests fail, am I right?
2.- When a host is detected as dead, is it right to assume that all modules 
(ping_host.nasl, dont_scan_printers.nasl, etc) got a failure? In other 
words, the host is alive when at least one of the modules thinks so (some 
kind of "OR" logical operation), and it is dead when all modules fail 
(logical "AND"). Right?


And why are those
ports not being used by TCP scanner?


Are you scanning over a PPP or PPTP connection? That's also not  
supported currently in Nessus Windows.


No, it's a LAN connection (ADSL). Btw, is there any doc discussing Windows 
vs Linux version differences such as the former one?

-- 

Saludos,
-Roman

PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: nessus registration windows, George A. Theall
Next by Date:  How to scan target host without checks if it alive?, Taras Ivashchenko
Previous by Thread:  Re: Remote host dead?, George A. Theall
Next by Thread:  Re: Remote host dead?, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]