Noticed the following with Nessus 1.2.0. I _may_ be doing a few things wrong, nevertheless, some things are just not behaving well.

1) NTP protocol: The daemon does not limit itself to running the plugins specified in the NTP protocol. It always seems to run the plugins in the SETTINGS category. This is not necessarily bad. However, the daemon is not providing the proper numbering in the response stream as it runs the test. For example, shown below is the final bit of the protocol on a request that specified 3 plugins are to be run. It correctly spits back the 3 plugins, the status messages show that only 3 should be run, but then it goes on to run 7.

Fix: Either spit back all 7 plugins (and change the count in the STATUS message), or at the very least, change the count in the STATUS message.

SERVER <|> PLUGINS_ORDER <|> 10336;10330;10472; <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 1/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 2/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 3/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 4/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 5/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> portscan <|> 0/100 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> portscan <|> 100/100 <|> SERVER
SERVER <|> INFO <|> 10.3.1.1 <|> general/tcp <|> Nmap only scanned 0 TCP ports out of 65535.Nmap did not do a UDP scan, I guess. <|> 10336 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 6/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 7/3 <|> SERVER
SERVER <|> BYE <|> BYE <|> SERVER

2) Fake nmap progress bar. I know this has been much discussed. How bout the following solution: break the nmap scan into N distinct groups, and report on the progress of each group. For example, if each group is no larger than 1024 ports, then even on a wacky firewall on a low speed connection where things are not responding properly, it will still take no more than a few minutes for a single group. This will allow for pretty decent progress reporting.

3) Nessus dumping msg "sendto : Message too liong".

Scenario - (I think) - client is sending a plugin_set command with all but 1 or 2 of the plugins, so is needing to explicitly set the list.

Also, in the same file (nessusd.dump), the error

/usr/local/lib/nessus/plugins/oracle9i_mod_plsql_overflow.nasl : Warning : evaluating unknown variable - unbreakable

is appearing.

Cheers,
Thomas

--
------------------------------------------------------------
E-Soft Inc. http://www.e-softinc.com
Publishers of SecuritySpace http://www.securityspace.com
Tel: 1-905-331-2260 Fax: 1-905-331-2504
Tollfree in North America: 1-800-799-4831
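
Added example, not part of the original message: a small Python checker that reads the server messages quoted in item 1 and flags STATUS counters that exceed their stated total. The function names are illustrative, and the sample is the quoted exchange re-typed one message per line with the INFO text shortened.

```python
import re

# Constructed sample: the server messages quoted in the post, one per line.
SAMPLE = """\
SERVER <|> PLUGINS_ORDER <|> 10336;10330;10472; <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 1/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 2/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 3/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 4/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 5/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> portscan <|> 0/100 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> portscan <|> 100/100 <|> SERVER
SERVER <|> INFO <|> 10.3.1.1 <|> general/tcp <|> Nmap only scanned 0 TCP ports out of 65535. <|> 10336 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 6/3 <|> SERVER
SERVER <|> STATUS <|> 10.3.1.1 <|> attack <|> 7/3 <|> SERVER
SERVER <|> BYE <|> BYE <|> SERVER
"""

def parse_messages(stream):
    """Yield the inner fields of each 'SERVER <|> ... <|> SERVER' line."""
    for line in stream.splitlines():
        fields = [f.strip() for f in line.split("<|>")]
        if len(fields) >= 3 and fields[0] == fields[-1] == "SERVER":
            yield fields[1:-1]

def check_progress(stream):
    """Compare STATUS counters with the totals the server itself announced."""
    announced = None   # number of plugin ids listed in PLUGINS_ORDER
    overruns = []      # (host, phase, current, total) where current > total
    max_seen = {}      # (host, phase) -> highest counter reported
    for msg in parse_messages(stream):
        if msg[0] == "PLUGINS_ORDER" and len(msg) == 2:
            announced = len([p for p in msg[1].split(";") if p])
        elif msg[0] == "STATUS" and len(msg) == 4:
            host, phase, progress = msg[1:]
            m = re.fullmatch(r"(\d+)/(\d+)", progress)
            if m is None:
                continue  # malformed counter: not counted as progress
            current, total = int(m.group(1)), int(m.group(2))
            max_seen[(host, phase)] = max(current, max_seen.get((host, phase), 0))
            if current > total:
                overruns.append((host, phase, current, total))
    return {"announced": announced, "overruns": overruns, "max_seen": max_seen}

if __name__ == "__main__":
    report = check_progress(SAMPLE)
    print("plugins announced:", report["announced"])
    for host, phase, current, total in report["overruns"]:
        print(f"{host}: {phase} counter {current} exceeds total {total}")
```

A client that draws a progress bar from these counters can use the same comparison to clamp or rescale the bar when the daemon runs more plugins than it announced.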
