On Tue, 2002-12-10 at 15:37, Carl Houseman wrote:
> When a web server with everything blocked except 443 is scanned by the
> default Nessus configuration, it is considered "not alive" and is
> ignored.
>

Targeting your scan appropriately is one of the most important steps in
getting accurate results.  If you are scanning hosts which are known not
to respond to icmp, then you must either:
        1. manually add a common port to the tcp ping list that you know is
           common among all the hosts in the test.
        2. configure your scan so that all hosts are scanned, regardless of
           ping tests.

> When that web server is scanned by Nessus with TCP Ping enabled on
> 443, it is reported as alive and tested for other vulnerabilities.
>
> Therefore, please include 443 as a default port in the TCP Ping test.
> It would eliminate this FAQ as well as improve the overall reporting
> integrity of Nessus out-of-the-box.

While not a bad idea, I don't consider this to reflect upon Nessus'
reporting integrity.  A security scanner can only be as thorough as the
security engineer using it.

>
> I hope this clears up any confusion, but if there is still a question,
> please let me know how I can clarify further.
>
> Thanks to all of you folks for your efforts on Nessus of course.
> Carl
>
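As an added illustration (not code from this thread and not Nessus's own ping plugin), here is the host-discovery logic the reply describes, written in Python against a local listener: the host comes back "not alive" while the TCP ping list misses its one open port, alive once that port is added (option 1), and scanned anyway when ping tests are skipped (option 2). The port list in DEFAULT_TCP_PING_PORTS and the local stand-in server are assumptions made for the example.

```python
import socket
import threading

# Assumed stand-in for a scanner's built-in TCP ping port list; the real
# Nessus list is not reproduced here.
DEFAULT_TCP_PING_PORTS = (21, 22, 23, 25, 80, 139, 445)


def tcp_ping(host, ports, timeout=0.5):
    """Try a TCP handshake on each port in turn; return the first port that
    answers, or None if none does (the host then looks 'not alive')."""
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return port
        except OSError:
            # refused, filtered, or timed out: try the next port
            continue
    return None


def is_alive(host, ping_ports=DEFAULT_TCP_PING_PORTS, skip_ping=False, timeout=0.5):
    """Host-discovery decision. skip_ping=True is option 2 in the reply:
    every target is scanned regardless of ping results."""
    if skip_ping:
        return True
    return tcp_ping(host, ping_ports, timeout) is not None


def _unused_port():
    """Pick a local port that nothing is listening on (constructed helper)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def start_web_server_stand_in():
    """Constructed stand-in for the web server in the thread: one open TCP
    port and nothing else answering. Returns (server_socket, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                return  # server socket was closed

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Replay the scenario from the thread against the local stand-in and
    return the discovery verdict under each configuration."""
    srv, open_port = start_web_server_stand_in()
    # Ports guaranteed closed locally, standing in for a default ping list
    # that omits the one port the host actually exposes.
    default_list = (_unused_port(), _unused_port())
    try:
        return {
            "default_ping_list": is_alive("127.0.0.1", default_list),
            "ping_list_with_open_port": is_alive("127.0.0.1", default_list + (open_port,)),
            "scan_all_hosts": is_alive("127.0.0.1", default_list, skip_ping=True),
            "responding_port": tcp_ping("127.0.0.1", default_list + (open_port,)),
            "expected_port": open_port,
        }
    finally:
        srv.close()


if __name__ == "__main__":
    for setting, verdict in demo().items():
        print(f"{setting}: {verdict}")
```

Run it directly to see the three verdicts; the "default_ping_list" case is the one Carl reported, and the other two correspond to the reply's options 1 and 2.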

