Hi All,

I have been having a little trouble completing scans running FreeBSD 4.6 with NMAP 3.0 (built from ports) and Nessus 1.2.5 built on 29/8/2002. I am scanning TCP and UDP ports 1-15000 against 2 remote hosts over a DSL line with timeouts set to 10 seconds and max checks 10.

On returning to check the scan, I found that 1 host was stuck and nessus was no longer sending packets to this host. The log shows that the 2nd host scan had completed ok, and that some attack scripts had been started against the hung remote host, the last of these being avirt_gateway_telnet.nasl. I have also noted in the dump log that there are some "send: Broken Pipe" messages.

Any help on this one out there?

Secondly, I have found that I can make nessus hang when I use the 'Use hidden option to identify remote OS'. Here is the output of Nmap against the same host with this option on and off.

############ Nessus fails to proceed ##########

nmap -n -P0 -p 1-15000 -sT -sU -sR -O --osscan_guess -I -r xxx.xxx.xxx.xxx

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (xxx.xxx.xxx.xxx):
(The 29992 ports scanned but not shown below are in state: closed)
Port       State       Service (RPC)           Owner
21/tcp     filtered    ftp
53/tcp     open        domain
53/udp     open        domain
80/tcp     filtered    http
123/udp    open        ntp
443/tcp    filtered    https
2001/udp   open        wizard
12321/tcp  open        unknown
Aggressive OS guesses: Mac OS X 10.1.5 (97%), FreeBSD 4.5-RELEASE (or -STABLE) (X86) (97%), FreeBSD 5.0-CURRENT Sun Apr 14 12:41:40 EDT 2002 (97%), FreeBSD 4.6-RC on Alpha (95%), FreeBSD 4.6 (94%), AIX v4.2 (91%), NetBSD 1.3 - 1.3.3 big endian arch (91%), Mac OS X 10.1.4 (Darwin Kernel 5.4) on iMac (90%)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-portbld-freebsd4.6%D=8/23%Time=3D66243E%O=53%C=1)
TSeq(Class=TR%IPID=RD%TS=1000HZ)
T1(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)

Uptime 10.013 days (since Tue Aug 13 21:13:11 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 161 seconds

######## Nessus performs a complete scan ######

nmap -n -P0 -p 1-15000 -sT -sU -sR -O -I -r xxx.xxx.xxx.xxx

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (xxx.xxx.xxx.xxx):
(The 29992 ports scanned but not shown below are in state: closed)
Port       State       Service (RPC)           Owner
21/tcp     filtered    ftp
53/tcp     open        domain
53/udp     open        domain
80/tcp     filtered    http
123/udp    open        ntp
443/tcp    filtered    https
2001/udp   open        wizard
12321/tcp  open        unknown
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-portbld-freebsd4.6%D=8/23%Time=3D662586%O=53%C=1)
TSeq(Class=TR%IPID=RD%TS=1000HZ)
T1(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)

Uptime 10.017 days (since Tue Aug 13 21:13:11 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 157 seconds

Regards
David Hunt
