On Fri, Jul 04, 2003 at 11:26:54AM +0200, Michel Arboi wrote:
Ideally, when the network is temporaly down, we should suspend the tests until it goes up again. SOmething to do here?
Please ! Yes, you need a working network to do a network security audit. If it goes down, your audit is incomplete. Is it the job of Nessus to workaround broken network configurations ? No. What's next ? Making sure the routes are right ?
What if the scan host running Nessus gets black listed throughout the test? That might be reasonable for Nessus to cross check and warn the user if that happens. AFAIK there is no check that warns the user of this event, might it be reasonable to code in such a plugin in the ACT_END (post-attack) phase?
Something on the lines of:
------------------------------------------------------------------------
Nessus cannot reach the remote host X after all the scans have been finished this might be an availability problem related which might be due to the following reasons:
1.- The remote host is now down. This might happen if you are not running SAFE checks the host might have locked due to one of the DoS plugins.
2.- You are experiencing a network outage and the remote network cannot be reached from the Nessus server.
3.- Your Nessus server has been blacklisted by the system administrator or by automatic intrusion detection/prevention systems which have detected the vulnerability assessment.
------------------------------------------------------------------------
Regards
Javi
