"Christopher J Bidwell" <[EMAIL PROTECTED]> writes: > I'm having a serious problem with half-open connections when scanning > behind our routers that have firewalls integrated into them. > I run my scans on various subnets and it literally causes a DOS attack by > filling up the state table in the router with half-open connections.
Not very surprising. Possible work arounds: - slow down the port scan speed -- you'll have to use the nmap wrapper scanner and play with the timing options - or configure your firewall to forget the idle connections quickly (if possible) - or scan with nmap from outside your firewall, and import the result file into Nessus - if your target machines are running an SNMP agent, use the snmpwalk "port scanner". BTW, if you run Nessus without "safe checks", you may discover that your routers are vulnerable to mysterious bugs during the ACT_DENIAL or ACT_FLOOD phases. _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
