It is my fault I am afraid. I sent Renaud a bug report awhile back to fix a problem with Nessusd locking up when Nmap returns all 15000 (or how ever many you scan) when all are closed. You can replicate this by scanning an IP with nothing on it. Well Renaud fixed the bug and Nessusd no longer locks up. However it does list all 15000 upd ports as being open.
You are correct in guessing that it is an Nmap problem. Nmap will report all udp ports open if none of them are. If even one port is really open, this doesn't happen. I talked to Fyodor at CanSecWest about this and he said he would try to see what he could do about it. Until then it might be wise to use Nmap alone to check for this problem and disable UDP scanning for hosts that have no UDP ports open. -Steve PS. Fyodor asked me to remind him in a bit if a fix for this didn't show up in the next version. I think he reads this list, and if so, here is a reminder :) >GVB <[EMAIL PROTECTED]> writes: > >> I am running nmap to scan 65535 ports, both UDP and TCP, and for >> some reason when I run nmap, it comes back and says that ALL 65535 >> UDP ports are open. > >I suppose that the problem comes from nmap. That's odd. Anyway if all >your UDP ports are filtered you do not need to scan them. >Just disable the UDP scan option. > >> When I run nmap outside of nessus, it doesn't report all the UDP >> ports as being open. > >Do you run it with the same options? >Note that when you run a long nmap scan, it is a good idea to save it >to a file (copy&paste or nmap -oN) and import it into Nessus. > >> Problem with the way nessus is importing the data from nmap? > >I've never seen this. > >-- >mailto:[EMAIL PROTECTED] >GPG Public keys: http://michel.arboi.free.fr/pubkey.txt >http://michel.arboi.free.fr/ http://arboi.da.ru/ >FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/ >
