Mailing List Archive

what could explain seen ports one day, not seen the next, never seen then all the sudden seen?
I've been trying to use Nessus to keep a list of open ports and systems
on my public network. When I go talk to an owner of a system I am told
those ports have been open for years and they actually connect to them on a
daily basis during their daily work. I could see an instance where a port
was seen one day and not the next, then back again. But I've been seeing more
and more ports open up as new ports that in fact have been there for a long
time. I'm also seeing instances where ports are seen during the scan, I
check later with nmap or try to connect through telnet (to TCP ports) and
it's closed (in most cases the ports are listed as UNKNOWN).
Re: what could explain seen ports one day, not seen the next, never seen then all the sudden seen?
On Thursday 28 August 2008 18:35:23 [SiN] wrote:
> I've been trying to use Nessus to keep a list of open ports and
> systems on my public network.
[snip]

Which Nessus version are you using? And what portscanners are in use?
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: what could explain seen ports one day, not seen the next, never seen then all the sudden seen?
Transient services on high ports could do this. Firewall manipulation could
as well.

On Thu, Aug 28, 2008 at 9:35 AM, [SiN] <x0sin0x@gmail.com> wrote:

> I've been trying to use Nessus to keep a list of open ports and
> systems on my public network. When I go talk to an owner of a system I am
> told those ports have been open for years and they actually connect to them
> on a daily basis during their daily work. I could see an instance where a
> port was seen one day and not the next, then back again. But I've been seeing
> more and more ports open up as new ports that in fact have been there for a
> long time. I'm also seeing instances where ports are seen during the scan, I
> check later with nmap or try to connect through telnet (to TCP ports) and
> it's closed (in most cases the ports are listed as UNKNOWN).

--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone,
on MMORPGs
Re: what could explain seen ports one day, not seen the next, never seen then all the sudden seen?
On Tue, 2 Sep 2008 15:24:09 -0600
"[SiN]" <x0sin0x@gmail.com> wrote:

> 3.0.6

On Unix or Windows?

> ive tried a few different methods and port scanners.

Supposing you have the Unix version, the results might be more reliable
if you upgrade, because of misc improvements in the TCP port scanner.
See http://ma75.blogspot.com/2008/03/nessus-32-is-out.html

The SNMP "pseudo scanner" may show open ports which are in fact
filtered, as it directly asks the remote machine and cannot guess if
there is a firewall on the way. It may also be confused by buggy SNMP
agents (mainly NT4 and Win2000). The newest versions include a new
preference ("Probe open ports") that will get rid of these false alerts.

You do not give many details about your configuration, your bandwidth,
the bandwidth of the targets, ping time, etc., so I'm only guessing.
In difficult configurations, scanners cannot do miracles, i.e. be quick _and_
reliable. If your bandwidth is limited, you have to reduce max_hosts and
max_checks.
BTW, are some of the targets infected by worms? Malware can ruin
bandwidth when it tries to propagate.

--
http://www.bigfoot.com/~arboi http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91
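
One way to separate the cases raised in this thread (ports missed in one run, ports reported only through SNMP, genuinely new listeners) when comparing successive scan runs. This is an added example, not part of any poster's message and not Nessus code; the run data, the source labels "tcp" and "snmp", and the category names are assumptions.

```python
"""Classify ports across repeated scan runs (added example, constructed data)."""

# Oldest run first. Each run maps (host, port) to the set of sources that
# reported it. The labels "tcp" and "snmp" are assumptions of this example,
# not Nessus output fields; addresses are documentation-range placeholders.
RUNS = [
    {("192.0.2.10", 22): {"tcp"}, ("192.0.2.10", 5432): {"tcp"},
     ("192.0.2.10", 21): {"tcp"}, ("192.0.2.20", 135): {"snmp"}},
    {("192.0.2.10", 22): {"tcp"}, ("192.0.2.20", 135): {"snmp"}},
    {("192.0.2.10", 22): {"tcp"}, ("192.0.2.10", 5432): {"tcp"},
     ("192.0.2.10", 8443): {"tcp"}, ("192.0.2.20", 135): {"snmp"}},
]


def classify(runs):
    """Return {(host, port): label} for every endpoint seen in any run."""
    labels = {}
    for ep in sorted({e for run in runs for e in run}):
        present = [ep in run for run in runs]
        sources = set().union(*(run.get(ep, set()) for run in runs))
        first = present.index(True)
        if sources == {"snmp"}:
            # Only the host's SNMP agent lists it; no connect ever confirmed it,
            # so it may be filtered on the path or a buggy-agent artifact.
            labels[ep] = "unconfirmed"
        elif all(present):
            labels[ep] = "stable"
        elif not present[-1]:
            labels[ep] = "missing"       # seen before, absent from the latest run
        elif all(present[first:]):
            labels[ep] = "new"           # never seen before, continuous since
        else:
            labels[ep] = "flapping"      # seen, missed, seen again
    return labels


if __name__ == "__main__":
    for (host, port), label in classify(RUNS).items():
        print(f"{host}:{port:<5} {label}")
```
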