Mailing List Archive

RE: Nessus 1.3.4 NetBIOS tests.
A few corrections:
Just verified it's actually Nessus 1.3.4 (it still says 1.3.3 on the
website).
I tested it with NessusWX 1.4.2 and with the Nessus GUI client
against a Win2KPro + SP3 box.
Nessusd is running on a RedHat 8.0 system.

Alex.

> I just installed the development version of Nessus (1.3.3).
>
> Comparing Nessus 1.2.7 and 1.3.3 reports, I found that
> 1.3.3 does not report NetBIOS vulnerabilities on port
> 139/tcp. Here are some vulnerabilities which are missed by
> 1.3.3:
> 1. Null session
> 2. Enumerating local/domain users
> 3. Showing domain/host SIDs
> 4. Disabled user accounts check
> And others on port 139/tcp
>
> I used version 1.3.3 from the www, will try one from cvs
> in a few minutes.
RE: Nessus 1.3.4 NetBIOS tests.
Just verified with Nessus 1.3.4 from cvs and latest plugins, NetBIOS tests
on port 139 do not return correct results.
Can anyone else re-create the problem?

Alex.
>> Comparing Nessus 1.2.7 and 1.3.3 reports, I found that
>> 1.3.3 does not report NetBIOS vulnerabilities on port
>> 139/tcp. Here are some vulnerabilities which are missed by
>> 1.3.3:
>> 1. Null session
>> 2. Enumerating local/domain users
>> 3. Showing domain/host SIDs
>> 4. Disabled user accounts check
>> And others on port 139/tcp
Re: Nessus 1.3.4 NetBIOS tests.
> Just verified with Nessus 1.3.4 from cvs and latest plugins, NetBIOS tests
> on port 139 do not return correct results.
> Can anyone else re-create the problem?

new nessus increases parallelism (runs faster) and might muck up netbios
if you don't make sure you include 139 and 445 in the non parallel ports
section of nessusd.conf:

# non_simult_ports = Services/www, 139, Services/finger
non_simult_ports = 139, Services/unknown, 445
--
Michael Scheidell
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
RE: Nessus 1.3.4 NetBIOS tests.
I have verified that ports 139 and 445 are listed in the
non_simult_ports in nessus.conf and .nessusrc files.
However, the only results I receive on 139 and 445 are that these ports are
open.
None of the vulnerabilities are detected.

Alex.

> > Just verified with Nessus 1.3.4 from cvs and latest plugins, NetBIOS
> > tests on port 139 do not return correct results. Can anyone else
> > re-create the problem?
>
> new nessus increases parallelism (runs faster) and might
> muck up netbios if you don't make sure you include 139 and
> 445 in the non parallel ports section of nessusd.conf:
>
> # non_simult_ports = Services/www, 139, Services/finger
> non_simult_ports = 139, Services/unknown, 445
RE: Nessus 1.3.4 NetBIOS tests.
I don't see anything unusual in the dump or messages files.

Nessusd.messages file has the following for the SMB tests:
"Not launching smb_pluginname.nasl against xxx.xxx.xxx.xxx because the
key SMB/login is missing (this is not an error)"

It may explain why other smb plugins don't return results, however I
don't receive results from smb_login.nasl plugin, which should not
depend on SMB login info and should return me "NULL session" Windows
vulnerability.

Is it a problem with "smb_login.nasl" plugin?

Alex.


> > > Just verified with Nessus 1.3.4 from cvs and latest plugins, NetBIOS
> > > tests on port 139 do not return correct results. Can anyone else
> > > re-create the problem?
> >
> > new nessus increases parallelism (runs faster) and might muck up
> > netbios if you don't make sure you include 139 and 445 in the non
> > parallel ports section of nessusd.conf:
Re: Nessus 1.3.4 NetBIOS tests.
On Mon, Feb 10, 2003 at 06:21:12PM -0800, Zimin, Alex wrote:
>
> It may explain why other smb plugins don't return results, however I
> don't receive results from smb_login.nasl plugin, which should not
> depend on SMB login info and should return me "NULL session" Windows
> vulnerability.
>
> Is it a problem with "smb_login.nasl" plugin?

There was a problem with libnasl in the CVS (post 1.3.3). This is now
fixed.
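
Added example (not part of the thread and not Nessus code): a small triage script for the nessusd.messages check discussed above, separating plugins that were skipped because a KB key was missing from plugins that reported nothing without any skip line. The log lines are constructed, the smb_example_*.nasl names and SMB/example_key are placeholders, and any timestamp prefix on real log lines is assumed and ignored.

```python
import re
from collections import defaultdict

# Message text as quoted in the thread. \s+ between words tolerates the line
# wrapping seen in the e-mail; any timestamp/pid prefix is ignored.
SKIP_RE = re.compile(
    r"Not\s+launching\s+(?P<plugin>\S+\.nasl)\s+against\s+(?P<host>\S+)\s+"
    r"because\s+the\s+key\s+(?P<key>\S+)\s+is\s+missing"
)

# Constructed sample. smb_example_*.nasl and SMB/example_key are placeholders,
# 192.0.2.10 is a documentation address; the second entry is wrapped on purpose.
SAMPLE_LOG = """\
Not launching smb_example_a.nasl against 192.0.2.10 because the key SMB/login is missing (this is not an error)
Not launching smb_example_b.nasl against 192.0.2.10 because the
key SMB/login is missing (this is not an error)
Not launching smb_example_c.nasl against 192.0.2.10 because the key SMB/example_key is missing (this is not an error)
(constructed unrelated line) scan of 192.0.2.10 finished
"""


def skipped_by_key(log_text):
    """Group dependency-skipped plugins as {host: {kb_key: [plugins]}}."""
    grouped = defaultdict(lambda: defaultdict(set))
    for m in SKIP_RE.finditer(log_text):
        grouped[m["host"]][m["key"]].add(m["plugin"])
    return {h: {k: sorted(v) for k, v in keys.items()} for h, keys in grouped.items()}


def silent_without_skip(log_text, host, plugins_without_findings):
    """Plugins that reported nothing yet have no skip line for this host.

    Their silence is not explained by a missing KB key, so the cause lies
    elsewhere (in this thread it turned out to be a libnasl problem in CVS).
    """
    per_key = skipped_by_key(log_text).get(host, {})
    skipped = {p for plugins in per_key.values() for p in plugins}
    return sorted(set(plugins_without_findings) - skipped)


if __name__ == "__main__":
    print(skipped_by_key(SAMPLE_LOG))
    print(silent_without_skip(SAMPLE_LOG, "192.0.2.10",
                              ["smb_login.nasl", "smb_example_a.nasl"]))
```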