Hello,
I can confirm 3.2.1 for Windows is buggy.
What I did (using my laptop with 3.2.1 version):
- scan a host (my website) -> Failed (Remote host dead)
- reinstall Nessus 3.2.1 and repeat the test -> Failed again
- uninstall 3.2.1 and install 3.2.0. Repeat the scan -> Succeded!
- upgraded plug-ins (keeping 3.2.0) and repeat the scan -> Succeded!
So it seems not a problem in plug-ins but in Nessus 3.2.1 (Windows). At the
moment, my advice for windows users would be downgrading to 3.2.0.
During the tests, I monitorized traffic with Wireshark:
- remote host dead -> Nessus sent two SNMP probes ; and received two icmp
responses, because snmp target port is closed. Nothing more.
- alive -> Like the former one but then Nessus continued sending tcp
packets! :-)
Since Sergio had the same problem, I'm wondering if the problem is known
and whether it is being reviewed.
Regards,
-Roman
Roman Medina-Heigl Hernandez escribió:
Sergio, which Nessus version are you using?
I have 3.2.0 (windows) on my desktop and in my case could solve the problem
by activating "icmp ping" (as sugested by George). This was possible
because the scanned host is responding to icmp echo (although it's got
closed all the ports used by "tcp ping").
I've got 3.2.1 (windows) on my laptop and it's not working at all against
the very same host. I thought it's a problem in my laptop, not Nessus'. But
if you confirm 3.2.0 worked for you but not 3.2.1... Please, could you
elaborate on that? Anyway, don't panic, I still think it could be some kind
of problem in my laptop (perhaps some antivirus module, etc.... although I
disabled Windows firewall and some antivirus services, and the problem
remains...).
Cheers,
-Roman
Sergio Castro escribió:
I reported this exact same problem a few weeks ago.
I was running the previous version of Nessus with no problems whatsoever.
Then I updated to the latest version for Windows, and had this "remote host
is dead" problem too. Nothing changed in my system, and I tried to scan the
exact same hosts I was sucessfully scanning with the older version of
Nessus.
With the help of Ron Gula, I went through the same troubleshooting you are
going through, with no results. I still can't scan hosts on the Internet,
only LAN.
Regards,
Sergio
-----Mensaje original-----
De: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
En nombre de Roman Medina-Heigl Hernandez
Enviado el: Lunes, 23 de Junio de 2008 02:21 p.m.
Para: nessus@list.nessus.org
Asunto: Remote host dead?
Hello,
I'm trying to scan a host with the default policy. The host is alive and
responding to pings. I got no results when scanning with Nessus 3.2.0
(Windows). Looking at scan.log (in he "logs" dir), I can see a "remote host
is dead". But my question is why? If I run nmap against the host, I can see
unprivileged ports open (>1024) and of course it's responding to ping. I
also entered 1-65535 in "port scanner range". No luck at all. Am I missing
something? Perhaps a bug in Nessus?
Another question, how could I debug this? If I enable the option to "save a
packet capture of the scan", I couldn't find any new log on logs dir (where
should it be placed?)
Log attached (IP stripped; I could provide it in private for
testing/debugging purposes):
[Mon Jun 23 20:56:43 2008][540] Use default port range [Mon Jun 23 20:56:48
2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540] [Mon Jun 23
20:56:48 2008][540] Scan X.X.X.X using 21942 plugins [Mon Jun 23 20:56:48
2008][540] user localuser : launching clrtxt_proto_settings.nasl against
X.X.X.X [1] [Mon Jun 23 20:56:48 2008][540] user localuser : launching
dont_scan_settings.nasl against X.X.X.X [2] [Mon Jun 23 20:56:48 2008][540]
user localuser : launching ssh_settings.nasl against X.X.X.X [3] [Mon Jun 23
20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished its job
against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 2008][540]
dont_scan_settings.nasl (process 2) finished its job against X.X.X.X in
0.000 seconds [Mon Jun 23 20:56:48 2008][540] ssh_settings.nasl (process 3)
finished its job against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48
2008][540] user localuser : launching snmp_settings.nasl against X.X.X.X [4]
[Mon Jun 23 20:56:52 2008][540] snmp_settings.nasl (process 4) finished its
job against X.X.X.X in 3.578 seconds [Mon Jun 23 20:56:52 2008][540] user
localuser : launching ping_host.nasl against X.X.X.X [5] [Mon Jun 23
20:56:54 2008][540] ping_host.nasl (process 5) finished its job against
W.W.W.W in 2.921 seconds [Mon Jun 23 20:56:54 2008][540] user localuser :
launching dont_scan_printers.nasl against X.X.X.X [6] [Mon Jun 23 20:56:54
2008][540] The remote host (X.X.X.X) is dead [Mon Jun 23 20:56:54 2008][540]
Finished testing X.X.X.X. Time : 6.718 secs, 6 plugins launched [Mon Jun 23
20:56:54 2008][540] 1 hosts scanned
--
Saludos,
-Roman
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
