Hi there

I've just noticed our scheduled nessus scans aren't getting the Windows
results they normally return anymore.

We run a weekly "lite scan" against Windows hosts - discovering what
patches are missing, along with what software is installed, etc.

Our software developers run all sorts of weird network services and
Nessus has been known to cause grief, so I run it with a majorly
cut-down port list (ie 135,137,139,445) and have "unscanned ports
closed" set too. That has meant Nessus only scanned the NetBIOS ports
and didn't even send a single packet to other port numbers. Worked well.

Some time over the past couple of weeks something's changed, and now
Nessus can't get any real details out of the Windows hosts. Running the
scan through the GUI, I can see Nessus reports "139/tcp, 137/udp and
445/tcp" as being open - and yet with none of the normal detail. And yet
if I disable the "unscanned ports closed" checkbox and run the same scan
again - everything comes right and I get the results I need. However,
nessus is then hammering all sorts of extra ports - which I cannot have.

To reiterate: all I have to do is turn off "unscanned ports closed" to
make this problem disappear.

The cause (symptom?) of the problem happens immediately after starting
the scan:

Not launching cifs445.nasl against ip.add.ress none of the required tcp ports are open (this is not an error)
launching ping_host.nasl against ..
launching nessus_tcp_scanner.nes against ...

Well that looks plain wrong. For one thing, shouldn't cifs445 be called
AFTER the port scanners are called? I'm guessing "unscanned ports
closed" sets something to empty instead of NULL and so cifs445.nasl skips?

I have deleted /opt/nessus/var/nessus/plugins* and run
nessus-update-plugins (and restarted) and it made no improvement. This
is with nessus-3.2.1 under RHE4

Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
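
A way to check the ordering described above across a whole scanner log, as an added example that is not part of the original post: it flags plugins skipped for "none of the required tcp ports are open" before any port scanner was launched against the same host. The sample lines, the 192.0.2.x addresses, `example_check.nasl` and the contents of `PORT_SCANNERS` are constructed assumptions; only the two message shapes come from the post.

```python
import re

# Message shapes as quoted in the post; any prefix on the line is ignored.
SKIP_RE = re.compile(
    r"Not launching (\S+) against (\S+) none of the required tcp ports are open")
LAUNCH_RE = re.compile(r"(?<!Not )launching (\S+) against (\S+)")

# Assumption: plugins that populate the open-port list. Only
# nessus_tcp_scanner.nes appears in the post; extend this for your policy.
PORT_SCANNERS = {"nessus_tcp_scanner.nes"}

# Constructed sample log. 192.0.2.10 reproduces the order seen in the post;
# 192.0.2.20 shows a skip that happens after the port scanner has run.
# example_check.nasl is a hypothetical plugin name.
SAMPLE_LOG = """\
Not launching cifs445.nasl against 192.0.2.10 none of the required tcp ports are open (this is not an error)
launching ping_host.nasl against 192.0.2.10
launching nessus_tcp_scanner.nes against 192.0.2.10
launching ping_host.nasl against 192.0.2.20
launching nessus_tcp_scanner.nes against 192.0.2.20
Not launching example_check.nasl against 192.0.2.20 none of the required tcp ports are open (this is not an error)
"""


def skipped_before_portscan(lines, scanners=PORT_SCANNERS):
    """Return {host: [plugins skipped for 'no open ports' before any
    port scanner had been launched against that host]}."""
    scanned = set()  # hosts for which a port scanner launch was seen
    early = {}
    for line in lines:
        m = SKIP_RE.search(line)
        if m:
            plugin, host = m.groups()
            if host not in scanned:
                early.setdefault(host, []).append(plugin)
            continue
        m = LAUNCH_RE.search(line)
        if m and m.group(1) in scanners:
            scanned.add(m.group(2))
    return early


if __name__ == "__main__":
    for host, plugins in skipped_before_portscan(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: skipped before port scan: {', '.join(plugins)}")
```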