On Tuesday 02 July 2002 19:13, Kevin Davis wrote:
> I heard someone say today that Nessus could scan no more than a single
> class C network in a single scan.  I'm not sure if the statement meant less
> than 255 nodes, some kind of addressing limitation, or what.  Can someone
> clarify to me if there is such a limitation.  For the purposes of the
> discussion, please assume that there are no external issues limiting Nessus
> (within reason) such as lack of horsepower on the machine that is running
> the server.

Definitely not the case. The older versions (1.0.x) did have issues running 
large scan jobs, but the stable releases are able to scan much more than a 
full class C. For really large jobs, you probably want to break it into 
smaller chunks for timing reasons... many organizations turn off their 
workstations at 5 pm, so your scan will need to finish before then. You can 
speed up the scan with a couple options in the nessusd.conf file (max_hosts 
and max_checks); the real limitation is memory and CPU. A nice dual PIII with 
a gigabyte of RAM can use settings as high as max_hosts=40 and max_checks=20. 
This would run 20 plugins in parallel across 40 hosts at any given time, so 
about 400 processes plus a handful others above them. You should also try for 
"wide and shallow" versus "skinny and deep", because the more hosts you can 
do in parallel, the better chance they will still be online as the scan 
progresses. While something can be said for running as many parallel checks 
on a system as possible, it tends to have a higher impact on the target 
systems and doesn't always equate to a faster scan. 

-HD
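
An added example (not part of the original post, and not Nessus code) of the "break it into smaller chunks" advice above: it splits a large range into equal subnets sized so that each one can finish inside a scan window at a given max_hosts. The function names, the 10-minute per-host figure and the sample range are assumptions made for illustration.

```python
import ipaddress
import math


def plan_chunks(cidr, window_minutes, max_hosts=40, minutes_per_host=10):
    """Split cidr into equal subnets that each fit one scan window.

    Assumptions (constructed): a host takes about minutes_per_host to
    scan, and the scanner keeps max_hosts hosts in flight at once.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    # How many "waves" of max_hosts hosts fit before the cutoff.
    waves = window_minutes // minutes_per_host
    if waves < 1:
        raise ValueError("window is shorter than one host scan")
    budget = waves * max_hosts  # addresses coverable in one window
    # Largest power-of-two block that fits the budget, capped at the
    # size of the network itself.
    host_bits = min(budget.bit_length() - 1, net.max_prefixlen - net.prefixlen)
    new_prefix = net.max_prefixlen - host_bits
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def estimate_minutes(chunk, max_hosts=40, minutes_per_host=10):
    """Worst-case duration for one chunk under the same assumptions.

    Every address is counted (network and broadcast included), so the
    estimate errs on the slow side.
    """
    count = ipaddress.ip_network(chunk).num_addresses
    return math.ceil(count / max_hosts) * minutes_per_host


if __name__ == "__main__":
    # Constructed sample: a /20 that must finish inside an 8-hour day.
    for chunk in plan_chunks("10.0.0.0/20", window_minutes=480):
        print(chunk, estimate_minutes(chunk), "min")
```

Measure the real per-host time on a small pilot chunk before trusting the estimate, since it depends on the plugin set and on max_checks.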
