Renaud Deraison wrote: > > Then as a pen-tester you are expected to understand what's going on > (ie: after a Nessus scan, you can't ping the host any more). If you > only do a Nessus scan and call it a "pen-test" and do not "tickle" > the remote host at all after the scan itself, then something is very > wrong. >
If the scan takes 5+ hours (if it's a large scan) I might not be around when it finishes (maybe at night), or I might be pen-testing other systems, or.... Many things can happen since the scan finished and I retake the pen-test for a given system (or group of), things (i.e. network operators :-) can modify the environment when I get around to check and test the results Nessus gives.
In any case, the message currently given by check_ports (rev 1.16) is fine by me.
Javi
