I am using nessus version 1.2.7 for linux, under Red Hat, with ALL plugins enabled, including dangerous ones. I was scanning an internal Solaris box which happened to have the ISS host based sensor running on it, but after the nessus scan the ISS listener appears to have been crashed (although I have not verified this with the IDS person).
Here is the nmap scan before:

    Port       State       Service
    80/tcp     open        http
    111/tcp    open        sunrpc
    902/tcp    open        unknown
    2998/tcp   open        iss-realsec
    32772/tcp  open        sometimes-rpc7

and here is the nmap scan after running nessus against it:

    Port       State       Service
    80/tcp     open        http
    111/tcp    open        sunrpc
    902/tcp    open        unknown
    32772/tcp  open        sometimes-rpc7

Now, the fact that port 2998 disappeared doesn't really bother me, in fact I think it is a GOOD thing that nessus could kill it. What bothers me is that nowhere in the report out of nessus did this port number appear! I had nessus configured using the GUI for port range "Default range (nmap-services + privileged ports)" and port 2998 does appear in the nmap-services file. Any idea why nessus wouldn't tell me about the port, but apparently did do something to that port?

This brings up a bigger issue I have with the nessus report... I really wish that the report would include a list of all the ports it found open, similar to the nmap output I listed above. nessus is obviously using nmap to do a port scan, why not include that output in a single "note" just like the traceroute information is provided?

- Tim Aldrich
