So you want to go around crashing your production servers to see if they really are vulnerable!!?? I admit though ... if you did, then you really would know once and for all whether or not you had a problem! ;)
I am no longer sure about my previous conclusion that modifying the Services.txt file ... closer investigation revealed that scans against NFS were still occurring.
However, Renaud was kind enough to pass on the following (paraphrased) advice:
CHANGING THE PORTS THAT NESSUS WILL SCAN
- Instead of writing out your own lists of ports to use (fairly lengthy task), you can just comment out the ports that you don't want scanned.
- If nmap is installed, then edit nmap's services file (as it's used by default), otherwise edit /etc/services. And in any case, delete /usr/local/var/nessus/services* and restart nessusd.
Regarding the rest of your post:
- yes, I had it set to default
- Nessus uses the following file first (if it exists): /usr/share/nmap/nmap-services
- Then it looks here: /etc/services
- So you can delete /usr/local/var/nessus/services*
If you alter the first file that nessus uses and removed/commented out the reference to the port you didn't want to scan, I can't see how it would ever check that port again...
Pavel Kankovsky <[EMAIL PROTECTED]> wrote:
On Mon, 16 Feb 2004, Kava Kicks wrote:
> Hmmm ... I don't know that the goal of testing is to break things;
> rather, it is to see if it *could* be broken .. but anyway ;)
A test that has broken its subject is a good test.
A test that has not broken its subject might be a good test on an
unbreakable subject as well as a bad (insufficient, incorrect,
improper...) test on a breakable subject.
> I think it was the portscan that did it. I have Nessus set up to carry
> out its default scan, then I also use Nmap as a secondary scanner.
> After I modified the Services.txt file (but left the Nmap settings
> alone), the crash no longer occurred.
Ah...the list of ports to be scanned was "default", right? "default"
stands for "all ports found in services.tcp (all TCP ports found in
/etc/services when services.tcp is not available)". You could do the same
thing if you replaced "default" with an explicit list of ports minus the
port you want to avoid but I admit the list would be too long to be
practical. On the other hand, a list of intervals like "1-2048,2050-" can
be as good (if not better because it can find services listening on
obscure ports) as a sparse set of most popular ports in many cases.
> Just curious, why don't you think that modifying the services file is a
> good idea? Surely it is easier to modify one file that will only affect
> Nessus, instead of trying to create/modify a firewall rule that will
> affect everything on that machine?
You might convince the scanner to leave a certain port alone this way but
it cannot guarantee Nessus won't touch the port at all.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
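
The two approaches discussed in this thread (commenting out entries in the services file, and replacing "default" with an interval list such as "1-2048,2050-"), as an added example that is not part of the original posts or of Nessus itself. The function names and the sample services text are constructed for illustration, and the last interval is closed at 65535 rather than left open.

```python
import re

# Constructed sample in nmap-services / /etc/services style (not from the thread).
SAMPLE_SERVICES = """\
# name  port/proto
ssh     22/tcp
sunrpc  111/tcp   rpcbind
sunrpc  111/udp   rpcbind
nfs     2049/tcp  0.006110  # networked file system
nfs     2049/udp
#http   80/tcp
"""

# Matches "<name> <port>/<proto>" at the start of a services entry.
ENTRY = re.compile(r"^\s*\S+\s+(\d+)/(\w+)")

def comment_out_ports(text, ports, proto="tcp"):
    """Comment out active entries for the given ports; return (new_text, changed_lines)."""
    out, changed = [], []
    for line in text.splitlines():
        m = ENTRY.match(line)
        active = m is not None and not line.lstrip().startswith("#")
        if active and int(m.group(1)) in ports and m.group(2) == proto:
            changed.append(line)
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n", changed

def port_range_excluding(ports, low=1, high=65535):
    """Build an interval list covering low..high minus the excluded ports."""
    parts, start = [], low
    for p in sorted(set(ports)):
        if p < low or p > high:
            continue
        if p > start:
            # Emit the run of allowed ports that ends just before p.
            parts.append(f"{start}-{p - 1}" if p - 1 > start else str(start))
        start = p + 1
    if start <= high:
        parts.append(f"{start}-{high}" if high > start else str(start))
    return ",".join(parts)
```

After editing the real services file this way, the advice above still applies: delete /usr/local/var/nessus/services* and restart nessusd. As noted in the quoted reply, this steers the port scanner only and does not guarantee that Nessus never touches the port.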
