Jason Haar <[EMAIL PROTECTED]> writes: > This appears to only kick in if the PIX receives more than one > such erroneous packet from a host in a small period of time.
That's why scanning through a firewall is unreliable. > That's good of course - but I still want to know our Internet perimeter area > is as secure as we think it is. Then run nessusd directly on the DMZ. > Has anyone else seen this, and are there ways around it - besides toning > down scanners to send one packet per minute - I don't have a spare year to > wait for the results... :-) nmap is really smart and will adapt to this. You can speed up scans using one of those tricks: http://msgs.securepoint.com/cgi-bin/get/nessus-0202/6.html As far as Nessus is concerned, you cannot do much at this time but increase delay_between_tests and plugins_timeout
