Mailing List Archive

UDP Portscan Fixed -- getting false negatives on vulnerability scan
UDP PortScan Plug-in Update -- Good news -- was able to get an updated/revised udp_scanner from Tenable which made it work properly -- kudos to Michel and the Tenable team...if you're trying to get the udp_portscan to work, you may need to email them directly, as the plug-in download site, as of earlier today, still has the older "buggy" plug-in

--------------------------------

Now, in examining the results of the actual Nessus scan

In this case, the host that we tested at had a known bad that was undetected by Nessus (false negative) in which there was an SQL injection vulnerability that Nessus didn't pick up (also, looks like the DDI Directory Scanner failed to properly initialize, but not exactly sure what it is/does) -- for comparison's sake, we performed a ScanAlert scan (they're running a version of Nessus 2.x) and it found the vulnerability (perhaps something was lost / broken going from Nessus 2.x to 3.x?)

A Google search on sql_injection.nasl also turns up a false negative issue: http://www.google.com/search?hl=en&q=sql_injection.nasl&aq=f&oq=

Now, before digging into the nasl script, I would first like to examine the plug-in initialization / time-out phase as I believe that the false negative could be being caused by the plug-in failing to complete its scan (the same problem we just had with the udp scanner plug-in)

Here are the logs

[Mon Jan 05 14:24:10 2009][5856] user localuser : launching sql_injection.nasl against 192.168.3.9 [2643]
[Mon Jan 05 14:26:11 2009][5856] sql_injection.nasl (pid 2643) is slow to finish in 120 secs against 192.168.3.9 - killing it
[Mon Jan 05 14:26:11 2009][5856] sql_injection.nasl (process 2643) finished its job against 192.168.3.9 in 120.265 seconds

[Mon Jan 05 14:01:38 2009][5856] user localuser : launching DDI_Directory_Scanner.nasl against 192.168.3.9 [506]
[Mon Jan 05 14:03:39 2009][5856] DDI_Directory_Scanner.nasl (pid 506) is slow to finish in 120 secs against 192.168.3.9 - killing it
[Mon Jan 05 14:03:39 2009][5856] DDI_Directory_Scanner.nasl (process 506) finished its job against 192.168.3.9 in 121.000 seconds

Any ideas? Suggestions? Insights?

-Charles

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
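
An added example, not part of the original post and not Nessus code: a small Python parser for the scanner log lines quoted in the post that lists every plugin killed at its time limit, so an empty result from that plugin is read as "check did not complete" rather than "not vulnerable". The function names are hypothetical, and the two `example_check.nasl` lines are constructed for contrast.

```python
import re

# First six lines are the log excerpt from the post; the last two
# (example_check.nasl) are constructed here to show a run that completed normally.
SAMPLE_LOG = """\
[Mon Jan 05 14:24:10 2009][5856] user localuser : launching sql_injection.nasl against 192.168.3.9 [2643]
[Mon Jan 05 14:26:11 2009][5856] sql_injection.nasl (pid 2643) is slow to finish in 120 secs against 192.168.3.9 - killing it
[Mon Jan 05 14:26:11 2009][5856] sql_injection.nasl (process 2643) finished its job against 192.168.3.9 in 120.265 seconds
[Mon Jan 05 14:01:38 2009][5856] user localuser : launching DDI_Directory_Scanner.nasl against 192.168.3.9 [506]
[Mon Jan 05 14:03:39 2009][5856] DDI_Directory_Scanner.nasl (pid 506) is slow to finish in 120 secs against 192.168.3.9 - killing it
[Mon Jan 05 14:03:39 2009][5856] DDI_Directory_Scanner.nasl (process 506) finished its job against 192.168.3.9 in 121.000 seconds
[Mon Jan 05 14:05:00 2009][5856] user localuser : launching example_check.nasl against 192.168.3.9 [777]
[Mon Jan 05 14:05:02 2009][5856] example_check.nasl (process 777) finished its job against 192.168.3.9 in 2.000 seconds
"""

# Line shapes as they appear in the quoted excerpt.
LAUNCH = re.compile(r"launching (\S+) against (\S+) \[(\d+)\]")
KILLED = re.compile(r"(\S+) \(pid (\d+)\) is slow to finish in (\d+) secs against (\S+) - killing it")
FINISHED = re.compile(r"(\S+) \(process (\d+)\) finished its job against (\S+) in ([\d.]+) seconds")

def plugin_runs(log_text):
    """Map (host, plugin, pid) -> {'killed_after': secs or None, 'seconds': float or None}."""
    runs = {}
    def run(host, plugin, pid):
        return runs.setdefault((host, plugin, pid), {"killed_after": None, "seconds": None})
    for line in log_text.splitlines():
        if m := LAUNCH.search(line):
            plugin, host, pid = m.groups()
            run(host, plugin, pid)
        elif m := KILLED.search(line):
            plugin, pid, limit, host = m.groups()
            run(host, plugin, pid)["killed_after"] = int(limit)
        elif m := FINISHED.search(line):
            # Killed plugins also log "finished its job", so this line alone
            # does not mean the check ran to completion.
            plugin, pid, host, secs = m.groups()
            run(host, plugin, pid)["seconds"] = float(secs)
    return runs

def incomplete_checks(log_text):
    """Sorted (host, plugin, limit) for every plugin killed at the time limit."""
    return sorted((host, plugin, r["killed_after"])
                  for (host, plugin, _pid), r in plugin_runs(log_text).items()
                  if r["killed_after"] is not None)

if __name__ == "__main__":
    for host, plugin, limit in incomplete_checks(SAMPLE_LOG):
        print(f"{host}: {plugin} killed after {limit}s -- treat result as incomplete, not clean")
```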