Mailing List Archive

Serializing a port scan
Looking for advice on how to serialize a scan of multiple hosts so that only
one host is scanned at a time. I have edited the policy so that the maximum
hosts per scanner is set to one. Is this all that is required?
Thanks,

Chris Tidball
Re: Serializing a port scan
On Wed, 11 Feb 2009 18:02:48 -0600
"Tidball, Christopher" <Christopher.Tidball@qwest.com> wrote:

> Looking for advice on how to serialize a scan of multiple hosts so
> that only one host is scanned at a time.

There is no way to serialize *port scanners* per se.

> I have edited the policy so that the maximum hosts per scanner is set
> to one. Is this all that is required?

Only one host will be scanned at a time, and as Nessus never runs
several portscanners simultaneously against a given host, this will
work.
It will do more than what you want, if I interpreted your question
correctly. If you need to limit the global network load, global limits
might be a solution. Try to edit global.max_simult_tcp_sessions in
nessusd.conf

PS: the mailing list will be shut down soon, you'd rather go to
http://discussions.nessus.org
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: Serializing a port scan
Tidball, Christopher wrote:
> Looking for advice on how to serialize a scan of multiple hosts so that only
> one host is scanned at a time. I have edited the policy so that the maximum
> hosts per scanner is set to one. Is this all that is required?
> Thanks,
>
> Chris Tidball

This will limit your entire scan to one host at a time.

Typically when someone mentions slowing down a port scan, I suggest
they look at the credentialed port scanning and process enumeration
technique:

http://blog.tenablesecurity.com/2008/09/how-to-perform.html

If you have credentials, this is the fastest way to perform a full
port scan without creating network traffic.

Ron Gula
Tenable Network Security
Re: Serializing a port scan
Ron Gula wrote:

[snip]
> Typically when someone mentions slowing down a port scan, I suggest
> they look at the credentialed port scanning and process enumeration
> technique:
>
> http://blog.tenablesecurity.com/2008/09/how-to-perform.html
>
> If you have credentials, this is the fastest way to perform a full
> port scan without creating network traffic.

The problem with credentialled scans is that it's not going to help you
test that host-based firewall rules, tcp_wrappers or software ACLs are doing
their job, as netstat will report the ports as open anyway.

I just checked and was quite relieved that Nessus when using netstat
does take notice of the interface you're scanning - i.e. if you have a
service only listen on eth0, Nessus only records it if you're scanning
eth0 and not eth1.

P.S. When are we moving to the forum and closing this mailing list?

--
Simon John
nessus at the-jedi.co.uk
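
The two views discussed in this thread can be compared directly. The following is an added example, not part of any post and not Nessus code: it takes a constructed `netstat -tln` listing and a constructed set of ports that a network scan found open, keeps only the listeners bound to the scanned interface, and reports which listeners the network scan could not reach. The function names, addresses and sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `netstat -tln` output from a Linux host (not real data).
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           0.0.0.0:*               LISTEN
tcp        0      0 198.51.100.10:3306      0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
"""

def listeners_on(netstat_text, scanned_ip):
    """Return the TCP ports listening on scanned_ip or on a wildcard address."""
    target = ipaddress.ip_address(scanned_ip)
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # rpartition splits on the last colon, so ":::443" yields ("::", "443").
        addr, _, port = fields[3].rpartition(":")
        bound = None if addr == "*" else ipaddress.ip_address(addr)
        # Assumption: any wildcard bind (0.0.0.0, :: or *) covers the scanned address.
        if bound is None or bound.is_unspecified or bound == target:
            ports.add(int(port))
    return ports

def compare(netstat_text, scanned_ip, network_open):
    """Compare the credentialed (netstat) view with ports seen open from the network."""
    local = listeners_on(netstat_text, scanned_ip)
    return {
        # Listening locally and reachable from the scanner.
        "confirmed": sorted(local & network_open),
        # Listening locally but not reachable from the scanner's vantage point.
        "filtered": sorted(local - network_open),
        # Reachable from the network with no matching listener on this interface.
        "unexplained": sorted(network_open - local),
    }

if __name__ == "__main__":
    # Constructed network-scan result for the interface at 192.0.2.10.
    for label, ports in compare(NETSTAT_SAMPLE, "192.0.2.10", {80, 443, 8080}).items():
        print(f"{label}: {ports}")
```
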
