> Host List
> Host(s) Possible Issue
> 255.255.255.255 Security note(s) found
What target hosts are you scanning?

Aaron

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 19 March 2003 14:48
To: Aaron Roberts; [EMAIL PROTECTED]
Cc: Renaud Deraison
Subject: Re: How to scan host that block ping ??

Hi,

Thanks again for help. I tried to ping the port 80 that is open on my remote host, see:

# telnet www.host.com 80
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/4.0
Date: Sat, 19 Apr 2003 11:33:50 GMT
Content-Type: text/html
Content-Length: 102

<html><head><title>Error</title></head><body>The system cannot find the file specified. </body></html>Connection closed by foreign host.

The port is open. :)

I put it in my /root/.nessusrc

# This file was automagically created by nessus
trusted_ca = /usr/local/com/nessus/CA/cacert.pem
nessusd_host = xxx.xxx.xxx.xxx
nessusd_user = armando
paranoia_level = 3
begin(SCANNER_SET)
10796 = yes
10180 = yes
10331 = yes
10335 = yes
10336 = yes
end(SCANNER_SET)
begin(PLUGIN_SET)
10747 = yes
11187 = yes
10277 = yes
10715 = yes
10949 = yes
10973 = yes
10974 = yes
10975 = yes
10976 = yes
Several plugins....
end(PLUGIN_SET)
begin(SERVER_PREFS)
max_hosts = 30
max_checks = 10
log_whole_attack = yes
report_killed_plugins = yes
cgi_path = /cgi-bin:/scripts
port_range = 1-1700
optimize_test = yes
language = english
per_user_base = /usr/local/var/nessus/users
checks_read_timeout = 5
delay_between_tests = 1
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
save_knowledge_base = yes
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl
admin_user = root
end(SERVER_PREFS)
begin(PLUGINS_PREFS)
HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
HTTP NIDS evasion[radio]:URL encoding = none
HTTP NIDS evasion[radio]:Absolute URI type = none
HTTP NIDS evasion[radio]:Absolute URI host = none
HTTP NIDS evasion[checkbox]:Double slashes = no
HTTP NIDS evasion[radio]:Reverse traversal = none
HTTP NIDS evasion[checkbox]:Self-reference directories = no
HTTP NIDS evasion[checkbox]:Premature request ending = no
HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
HTTP NIDS evasion[checkbox]:Parameter hiding = no
HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
HTTP NIDS evasion[checkbox]:Null method = no
HTTP NIDS evasion[checkbox]:TAB separator = no
HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
Test HTTP dangerous methods[checkbox]:Integrist test = no
NIDS evasion[radio]:TCP evasion technique = none
NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection = no
Libwhisker options[radio]:IDS evasion technique: = X (none)
Login configurations[entry]:FTP account : = anonymous
Login configurations[password]:FTP password (sent in clear) : = [EMAIL PROTECTED] rg
Login configurations[entry]:FTP writeable directory : = /incoming
Misc information on News server[entry]:From address : = Nessus <[EMAIL PROTECTED] sbl.org>
Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
Misc information on News server[entry]:Max crosspost : = 7
Misc information on News server[checkbox]:Local distribution = yes
Misc information on News server[checkbox]:No archive = no
Ping the remote host[entry]:TCP ping destination port(s) : = 80
Ping the remote host[checkbox]:Do a TCP ping = yes
Ping the remote host[checkbox]:Do an ICMP ping = no
Ping the remote host[entry]:Number of retries (ICMP) : = 10
Ping the remote host[checkbox]:Make the dead hosts appear in the report = yes
RedHat 6.2 inetd[radio]:Testing method = quick and dirty
SMB Scope[checkbox]:Request information about the domain = yes
SMB use host SID to enumerate local users[entry]:Start UID : = 1000
SMB use host SID to enumerate local users[entry]:End UID : = 1020
SMB use domain SID to enumerate users[entry]:Start UID : = 1000
SMB use domain SID to enumerate users[entry]:End UID : = 1020
SMTP settings[entry]:Third party domain : = nessus.org
SMTP settings[entry]:From address : = [EMAIL PROTECTED]
SMTP settings[entry]:To address : = [EMAIL PROTECTED]
Web mirroring[entry]:Number of pages to mirror : = 25
Web mirroring[entry]:Start page : = /
Default accounts[entry]:Simultaneous connections : = 10
Services[entry]:Network connection timeout : = 5
Services[entry]:Network read/write timeout : = 5
Services[entry]:Wrapped service read timeout : = 2
Services[radio]:Test SSL based services = All
Services[checkbox]:Quick SOCKS proxy checking = yes
FTP bounce scan[entry]:FTP server to use : = localhost
ftp writeable directories[radio]:How to check if directories are writeable : = Trust the permissions (drwxrwx---)
Brute force login (Hydra)[entry]:Number of simultaneous connections : = 4
Brute force login (Hydra)[checkbox]:Brute force telnet = no
Brute force login (Hydra)[checkbox]:Brute force FTP = no
Brute force login (Hydra)[checkbox]:Brute force POP3 = no
Brute force login (Hydra)[checkbox]:Brute force IMAP = no
Brute force login (Hydra)[checkbox]:Brute force cisco = no
Brute force login (Hydra)[checkbox]:Brute force VNC = no
Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 = no
Brute force login (Hydra)[checkbox]:Brute force rexec = no
Brute force login (Hydra)[checkbox]:Brute force NNTP = no
Brute force login (Hydra)[checkbox]:Brute force HTTP = no
Brute force login (Hydra)[checkbox]:Brute force ICQ = no
Brute force login (Hydra)[checkbox]:Brute force PCNFS = no
Brute force login (Hydra)[checkbox]:Brute force SMB = no
Nmap[radio]:TCP scanning technique : = connect()
Nmap[checkbox]:UDP port scan = no
Nmap[checkbox]:RPC port scan = no
Nmap[checkbox]:Ping the remote host = no
Nmap[checkbox]:Identify the remote OS = no
Nmap[checkbox]:Use hidden option to identify the remote OS = no
Nmap[checkbox]:Fragment IP packets (bypasses firewalls) = no
Nmap[checkbox]:Get Identd info = no
Nmap[radio]:Port range = User specified range
Nmap[checkbox]:Do not randomize the order in which ports are scanned = yes
Nmap[entry]:Source port : = any
Nmap[radio]:Timing policy : = Normal
Whisker[radio]:Method: = 1 HEAD method (default)
Whisker[radio]:Alternate database format: = X standard
Whisker[checkbox]:Brute force usernames via directories = no
HTTP NIDS evasion[entry]:Force protocol string : =
Login configurations[entry]:HTTP account : =
Login configurations[password]:HTTP password (sent in clear) : =
Login configurations[entry]:NNTP account : =
Login configurations[password]:NNTP password (sent in clear) : =
Login configurations[entry]:POP2 account : =
Login configurations[password]:POP2 password (sent in clear) : =
Login configurations[entry]:POP3 account : =
Login configurations[password]:POP3 password (sent in clear) : =
Login configurations[entry]:IMAP account : =
Login configurations[password]:IMAP password (sent in clear) : =
Login configurations[entry]:SMB account : =
Login configurations[password]:SMB password (sent in clear) : =
Login configurations[entry]:SMB domain (optional) : =
Login configurations[entry]:SNMP community (sent in clear) : =
Services[file]:SSL certificate : =
Services[file]:SSL private key : =
Services[password]:PEM password : =
Services[file]:CA file : =
Brute force login (Hydra)[file]:Logins file : =
Brute force login (Hydra)[file]:Passwords file : =
Brute force login (Hydra)[entry]:Web page to brute force : =
Nmap[entry]:Data length : =
Nmap[entry]:Ports scanned in parallel =
Nmap[entry]:Host Timeout (ms) : =
Nmap[entry]:Min RTT Timeout (ms) : =
Nmap[entry]:Max RTT Timeout (ms) : =
Nmap[entry]:Initial RTT timeout (ms) =
Nmap[entry]:Minimum wait between probes (ms) =
Nmap[file]:File containing nmap's results : =
Whisker[file]:script database: =
Whisker[file]:Password file: =
end(PLUGINS_PREFS)
begin(SERVER_INFO)
server_info_nessusd_version = 1.2.7
server_info_libnasl_version = 1.2.7
server_info_libnessus_version = 1.2.7
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.4.18-k6
end(SERVER_INFO)
begin(RULES)
end(RULES)

OK, I set TCP PING = yes and port to 80, it must work, but when I exec:

nessus xxx.xxx.xxx.xxx 3001 armando mypass host-to-test.txt result.html -T html

Then when I open result.html I have:

Nessus Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which where alive and responding during test    1
Number of security holes found    0
Number of security warnings found    0

Host List
Host(s)    Possible Issue
255.255.255.255    Security note(s) found
[ return to top ]

Analysis of Host
Address of Host    Port/Service    Issue regarding Port
255.255.255.255    general/tcp    Security notes found

Type    Port    Issue and Fix
Informational    general/tcp    The remote host is considered as dead - not scanning

Does someone know what is wrong ??

Thanks a lot.

Regards.
[ ]'s
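
Added example, not part of the original messages and not Nessus code: a small parser for the begin()/end() layout of the .nessusrc quoted above that pulls out the "Ping the remote host" preferences, plus a check of the targets-file entries, which is what Aaron's question points at. The sample data is constructed, and the target rules (one bare hostname or IP address per entry, no ranges or CIDR) are assumptions.

```python
import ipaddress
import re

# Constructed, abridged sample in the layout of the .nessusrc quoted above.
SAMPLE_RC = """\
paranoia_level = 3
begin(PLUGINS_PREFS)
 Ping the remote host[entry]:TCP ping destination port(s) : = 80
 Ping the remote host[checkbox]:Do a TCP ping = yes
 Ping the remote host[checkbox]:Do an ICMP ping = no
 Login configurations[entry]:HTTP account : =
end(PLUGINS_PREFS)
"""
# Constructed targets-file entries; every value is a placeholder.
SAMPLE_TARGETS = ["192.0.2.10", "www.example.com",
                  "http://www.example.com/", "255.255.255.255"]
HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")

def parse_nessusrc(text):
    """Return {section: {key: value}}; keys outside begin()/end() go under ''."""
    sections, current = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        marker = re.fullmatch(r"(begin|end)\((\w+)\)", line)
        if marker:
            current = marker.group(2) if marker.group(1) == "begin" else ""
            sections.setdefault(current, {})
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            # Plugin preferences end their key with " :" before the "=".
            sections[current][key.rstrip(" :")] = value.strip()
    return sections

def ping_settings(rc):
    """Pull the host-discovery preferences out of PLUGINS_PREFS."""
    prefs, base = rc.get("PLUGINS_PREFS", {}), "Ping the remote host"
    return {"tcp": prefs.get(base + "[checkbox]:Do a TCP ping") == "yes",
            "icmp": prefs.get(base + "[checkbox]:Do an ICMP ping") == "yes",
            "ports": prefs.get(base + "[entry]:TCP ping destination port(s)", "")}

def suspect_targets(entries):
    """Flag entries that cannot name one scannable host (assumed rules)."""
    flagged = []
    for entry in filter(None, map(str.strip, entries)):
        try:
            if ipaddress.ip_address(entry) == ipaddress.ip_address("255.255.255.255"):
                flagged.append((entry, "limited broadcast address"))
        except ValueError:  # not an IP literal, so it must be a bare hostname
            if not HOSTNAME.fullmatch(entry):
                flagged.append((entry, "not a bare hostname or IP address"))
    return flagged
```
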
