Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
Long scans and memory usage
michael.reeves at ae
Aug 20, 2001, 12:21 PM
Post #1 of 3 (1719 views)
Permalink
When I do rather large scans, nessus slowly starts to use more memory. Right
now I am scanning only 2 of my class B networks and am noticing heavy
paging. Usuall starts in the second half of the second class B.

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
16116 root 18 0 14228 11M 12120 R 20.6 19.6
34:38 nessusd
26871 root 14 0 14276 13M 14080 R 5.6 22.8
0:00 nessusd
26874 root 18 0 14276 13M 14092 R 5.6 22.8
0:00 nessusd
26866 root 4 0 14280 13M 12020 S 3.7 22.8
0:00 nessusd
26877 root 15 0 14268 13M 12052 R 3.7 22.8
0:00 nessusd
26878 root 15 0 14268 13M 12056 R 3.7 22.8
0:00 nessusd
26879 root 15 0 14260 13M 12032 R 2.8 22.7
0:00 nessusd
26875 root 15 0 14456 14M 14132 R 1.8 23.1
0:00 nessusd
26876 root 18 0 14456 14M 14148 R 0.9 23.1
0:00 nessusd

Pulled that from top... I am doing a tcp ping of port 80 to see if the host
is up then checking for the ISAPI overflow and to see if it has the codered
backdoor in it. I would like to schedule a big scan of about 10 class B
networks but I am having perf problems. Anyone else see this?


Mike Reeves
Security Administrator
Re: Long scans and memory usage [ In reply to ]
deraison at cvs
Aug 20, 2001, 2:25 PM
Post #2 of 3 (1674 views)
Permalink
On Mon, Aug 20, 2001 at 03:21:25PM -0400, Reeves, Michael (GEAE, Compaq) wrote:
> When I do rather large scans, nessus slowly starts to use more memory. Right
> now I am scanning only 2 of my class B networks and am noticing heavy
> paging. Usuall starts in the second half of the second class B.
[...]
> Pulled that from top... I am doing a tcp ping of port 80 to see if the host
> is up then checking for the ISAPI overflow and to see if it has the codered
> backdoor in it. I would like to schedule a big scan of about 10 class B
> networks but I am having perf problems. Anyone else see this?

Work is underway to allow Nessus to scan class-B networks (and bigger),
but today there are issues : a minor memory leak on the server side
(which end up being big, as you've seen) and a majors leaks on the
client side (all fixed in the 1.1.x tree in CVS, but work has to be
done).

My suggestion is that you split your scans in smaller subnets.


-- Renaud
Re: Long scans and memory usage [ In reply to ]
hvdkooij at vanderkooij
Aug 20, 2001, 2:37 PM
Post #3 of 3 (1670 views)
Permalink
On Mon, 20 Aug 2001, Renaud Deraison wrote:

> On Mon, Aug 20, 2001 at 03:21:25PM -0400, Reeves, Michael (GEAE, Compaq) wrote:
> > When I do rather large scans, nessus slowly starts to use more memory. Right
> > now I am scanning only 2 of my class B networks and am noticing heavy
> > paging. Usuall starts in the second half of the second class B.
> [...]
> > Pulled that from top... I am doing a tcp ping of port 80 to see if the host
> > is up then checking for the ISAPI overflow and to see if it has the codered
> > backdoor in it. I would like to schedule a big scan of about 10 class B
> > networks but I am having perf problems. Anyone else see this?
>
> Work is underway to allow Nessus to scan class-B networks (and bigger),
> but today there are issues : a minor memory leak on the server side
> (which end up being big, as you've seen) and a majors leaks on the
> client side (all fixed in the 1.1.x tree in CVS, but work has to be
> done).
>
> My suggestion is that you split your scans in smaller subnets.

Sounds like a class B per session would be a reasonable workaround. It
beats the windows codered scanner that does only class C as a maximum.

Hugo.

--
All email send to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal