Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Remote host dead?

from [Sergio Castro] Network Security [Permanent Link]
Subject: RE: Remote host dead?
Date: Wed, 25 Jun 2008 09:55:07 -0500 
I reported this exact same problem a few weeks ago.
I was running the previous version of Nessus with no problems whatsoever.
Then I updated to the latest version for Windows, and had this "remote host
is dead" problem too. Nothing changed in my system, and I tried to scan the
exact same hosts I was sucessfully scanning with the older version of
Nessus.

With the help of Ron Gula, I went through the same troubleshooting you are
going through, with no results. I still can't scan hosts on the Internet,
only LAN.

Regards,

Sergio 

-----Mensaje original-----
De: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
En nombre de Roman Medina-Heigl Hernandez
Enviado el: Lunes, 23 de Junio de 2008 02:21 p.m.
Para: nessus@list.nessus.org
Asunto: Remote host dead?

Hello,

I'm trying to scan a host with the default policy. The host is alive and
responding to pings. I got no results when scanning with Nessus 3.2.0
(Windows). Looking at scan.log (in he "logs" dir), I can see a "remote host
is dead". But my question is why? If I run nmap against the host, I can see
unprivileged ports open (>1024) and of course it's responding to ping. I
also entered 1-65535 in "port scanner range". No luck at all. Am I missing
something? Perhaps a bug in Nessus?

Another question, how could I debug this? If I enable the option to "save a
packet capture of the scan", I couldn't find any new log on logs dir (where
should it be placed?)

Log attached (IP stripped; I could provide it in private for
testing/debugging purposes):
[Mon Jun 23 20:56:43 2008][540] Use default port range [Mon Jun 23 20:56:48
2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540] [Mon Jun 23
20:56:48 2008][540] Scan X.X.X.X using 21942 plugins [Mon Jun 23 20:56:48
2008][540] user localuser : launching clrtxt_proto_settings.nasl against
X.X.X.X [1] [Mon Jun 23 20:56:48 2008][540] user localuser : launching
dont_scan_settings.nasl against X.X.X.X [2] [Mon Jun 23 20:56:48 2008][540]
user localuser : launching ssh_settings.nasl against X.X.X.X [3] [Mon Jun 23
20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished its job
against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 2008][540]
dont_scan_settings.nasl (process 2) finished its job against X.X.X.X in
0.000 seconds [Mon Jun 23 20:56:48 2008][540] ssh_settings.nasl (process 3)
finished its job against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48
2008][540] user localuser : launching snmp_settings.nasl against X.X.X.X [4]
[Mon Jun 23 20:56:52 2008][540] snmp_settings.nasl (process 4) finished its
job against X.X.X.X in 3.578 seconds [Mon Jun 23 20:56:52 2008][540] user
localuser : launching ping_host.nasl against X.X.X.X [5] [Mon Jun 23
20:56:54 2008][540] ping_host.nasl (process 5) finished its job against
W.W.W.W in 2.921 seconds [Mon Jun 23 20:56:54 2008][540] user localuser :
launching dont_scan_printers.nasl against X.X.X.X [6] [Mon Jun 23 20:56:54
2008][540] The remote host (X.X.X.X) is dead [Mon Jun 23 20:56:54 2008][540]
Finished testing X.X.X.X. Time : 6.718 secs, 6 plugins launched [Mon Jun 23
20:56:54 2008][540] 1 hosts scanned

-- 

Saludos,
-Roman

PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742.
Available at KeyServ] _______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

__________ NOD32 3208 (20080623) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: recommended operating system for Nessus, Renaud Deraison (lists)
Next by Date:  offline scanner, plugin updates, new license models and all, Doug Nordwall
Previous by Thread:  Re: Remote host dead?, Roman Medina-Heigl Hernandez
Next by Thread:  Re: Remote host dead?, Roman Medina-Heigl Hernandez
Indexes:  [Date] [Thread] [Top] [All Lists]