To report back on my findings so far... Hugo asked if I had checked which release, 1.0.10 vs 1.2.6, was more accurate for the SMB results and the answer is that 1.0.10 is much much more accurate.
Renaud asked me to try a couple of things. First one, set non_simult_ports_list to 139,445 instead of just 139. This improves things somewhat, the number of hosts found for plugin 10150 (Netbios names) goes up from 15 to 30 vs the 62 found on nessus 1.0.10. The next thing I tried was to set max_hosts=40 (up from the default of 30) and max_checks=1 (down from 10). This gets me back to pretty much where I was in 1.0.10, today's scan of the same subnet with 1.2.6 found 65 hosts responding to plugin 10150 (about the same as 1.0.10). I don't know if this improves things because of the non-parallel checking of vulnerabilities on the same host or just because my machine is much more responsive. Using the default settings for max_hosts and max_checks gives me a load average on "top" of around 49! With it set to 40/1 it drops to around 20. Looking in nessusd.messages in the runs that fail to find netbios enabled machines shows lots of "smb_login.nasl (pid x) is slow to finish - killing it". I'll do some more experimentation with this and find out. I don't get any results from plugin 10396 (SMB shares access) in 1.2.6 whatever the settings in use. 10395 works and enumerates the shares but 10396 doesn't access them any more. I'll check into this one a bit more too. Trevor Hemsley, Security Specialist, Atos Origin Ltd, Whyteleafe, +44-(0)1883-628139 [This e-mail is privileged and may contain confidential information intended only for the person(s) named above. If you receive this e-mail in error, please notify the addressee immediately by telephone or return e-mail. Although the sender endeavours to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.] - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
