Hi, I yesterday installed nessus-1.2.7/nmap-3.10Alpha7 on my Solaris7 machine (compiled with gcc-3.1) and started a scan of 192.168.4.0/24 using the command line nessus client. Now the scans for the "active" ip addresses terminated, but there are still many nessusd server processes hanging around and not making any progress. Output of pstack/lsof for one of these looks like this (sorry for the stupid line breaks):
14517: /usr/local/sbin/nessusd -c /usr/local/etc/nessus/nessusd.conf ff216c8c recv (24, ffbeece8, 1, 0) ff14da84 comm_send_status (57af0, 78fe8, 2cef8, 1, 47e, 19e30) + 25c 000166c4 launch_plugin (0, 1960c0, 78fe8, ffbef634, 47e, 8f798) + ec 00016cf0 attack_host (57af0, 78e38, 6, 78fe8, 78760, 1e3b98) + 2dc 00016f60 attack_start (86408, 260ee0, 789f8, 4e2f8, 78760, 1a174) + 1c4 0001a228 create_thread (0, 86408, ffffffff, ffffffff, 260e90, 8) + b8 00017b50 attack_network (57af0, 1e, f4240, 0, 260eb0, 4e2f8) + afc 00021fd8 server_thread (57af0, 19dc8, ffffffff, fffffff8, ff235e10, 1a174) + 444 0001a228 create_thread (0, 57af0, ffffffff, ffffffff, 50b78, ff21a47c) + b8 000224e4 main_loop (0, 4d800, 0, ffffffff, ff235e10, 23054) + 438 0002305c main (3, ffbefb7c, ffbefb8c, 4d4b0, 0, 0) + 514 0001603c _start (0, 0, 0, 0, 0, 0) + 5c COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nessusd 14517 root cwd VDIR 0,1 2827 13519016 /tmp (swap) nessusd 14517 root txt VREG 32,64 2646744 937913 /local/sbin/nessusd nessusd 14517 root txt VREG 32,6 17256 136624 /usr/platform/sun4u/lib/libc_psr.so.1 nessusd 14517 root txt VREG 32,6 19876 37418 /usr/lib/libmp.so.2 nessusd 14517 root txt VREG 32,6 39132 37430 /usr/lib/librpcsvc.so.1 nessusd 14517 root txt VREG 32,6 836252 37633 /usr/lib/libnsl.so.1 nessusd 14517 root txt VREG 32,6 56988 37436 /usr/lib/libsocket.so.1 nessusd 14517 root txt VREG 32,6 262116 37636 /usr/lib/libresolv.so.2 nessusd 14517 root txt VREG 32,64 86720 2061407 /local/lib/libpcap-nessus.so.1.2.7 nessusd 14517 root txt VREG 32,64 142464 2061319 /local/lib/libnessus.so.1.2.7 nessusd 14517 root txt VREG 32,6 1125872 37428 /usr/lib/libc.so.1 nessusd 14517 root txt VREG 32,64 19072 2061327 /local/lib/libhosts_gatherer.so.1.2.7 nessusd 14517 root txt VREG 32,64 2876684 2061333 /local/lib/libnasl.so.1.2.7 nessusd 14517 root txt VREG 32,6 4956 37661 /usr/lib/libdl.so.1 nessusd 14517 root txt VREG 32,6 206920 37686 /usr/lib/ld.so.1 nessusd 14517 root 0r VCHR 13,2 0t0 105552 /devices/pseudo/mm@0:null nessusd 14517 root 1w VREG 32,64 5156579 391115 /local/var/nessus/logs/nessusd.dump nessusd 14517 root 2w VREG 32,64 5156579 391115 /local/var/nessus/logs/nessusd.dump nessusd 14517 root 3w VREG 32,64 3043657 391114 /local/var/nessus/logs/nessusd.messages nessusd 14517 root 4w VREG 32,64 15 695671 /local/var/nessus/users/tbd/sessions/20021223-195558-index nessusd 14517 root 5r DOOR 0,59193 0t0 59193 (namefs) (FA:->0x30001ce7490) nessusd 14517 root 6u inet 0x30002243a78 0t835709 TCP enterprise.tbdnetworks.com:1241->enterprise.tbdnetworks.com:53034 (ESTABLISHED) nessusd 14517 root 7w VREG 32,64 0 695674 /local/var/nessus/users/tbd/sessions/20021223-195558-data nessusd 14517 root 8r DOOR 0,59185 0t0 59185 (namefs) (FA:->0x300001565d0) nessusd 14517 root 9u VREG 32,64 0 714239 /local/var/nessus/users/tbd/kbs/192.168.4.13 nessusd 14517 root 35u sock 0t0 / (/dev/dsk/c0t0d0s0) nessusd 14517 root 36u sock 0t0 / (/dev/dsk/c0t0d0s0) nessusd itself printed some messages to stdout/stderr: enterprise# /usr/local/sbin/nessusd -c /usr/local/etc/nessus/nessusd.conf [14498] nsend : Broken pipe [14498] nsend : Error 0 [14500] nsend : Broken pipe [14500] nsend : Error 0 [14500] nsend : Error 0 [14500] nsend : Error 0 [14500] nsend : Error 0 Any ideas? --nk P.S: Bon noel, merry xmas, frohe weihnachten to all of you! --nk -- Norbert Kiesel <[EMAIL PROTECTED]> TBD Networks - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
