On Tue, Oct 14, 2003 at 01:57:38PM +0100, Hemsley, Trevor wrote: > I've been getting a few false positive results when I scan with msrpc_dcom2.nasl and > with msrpc_dcom.nasl. I've added a bunch of debugging to dcom2.nasl to try to track > down why it happens. So far as I can see I never get false positives when I scan one > host at a time, only when I scan a whole bunch - a /24 subnet seems to be enough to > make it happen repeatedly. The false results come when msrpc_dcom2.nasl exits > without setting the KB entry and then msrpc_dcom.nasl runs and finds the host > vulnerable to the old exploit. It looks to me like msrpc_dcom2 is exiting too early. > For example, in the function check() there is code that says
How many hosts are you testing simultaneously ? Try to edit your .nessusrc and change non_simult_ports = 139, 445 to non_simult_ports = 135, 139, 445 And see if that helps.
