On Fri, Jul 25, 2003 at 05:08:50PM -0700, Jay wrote:
> If you turn off all port scanning, and then just run the plugins, all the
> plugins that depend on a particular service running (which is A LOT of
> them) will automatically fail (or just not get executed by Nessus). To get
> a complete and accurate assessment, the port scan is has to be performed.
No. Each plugin which depends on a particular service fall back to its
default port if it has not been detected.
ie: A plugin looking for a flaw in a POP server will connect to port 110
- no matter what is running on it - if no POP server was detected on
the remote host.
So if you disable port scanning, then what you'll miss is smart service
recognition and in the case of a firewalled host many plugins will waste
time attempting to connect to ports which are closed.
When you scan a firewalled host and know what's running on it, you
should enter the list of open ports in the "port range" field, and
enable the option "consider unscanned ports as closed". This will
greatly speed up the overrall time of a scan while keeping it accurate.
-- Renaud
