We've recently started scanning portions of our /16 frequently, and plan on doing full scans of large portions of the network on a scheduled basis.
What I've noticed is that, with the following attributes in my config file, the load average sits quite high.

    max_hosts = 96
    max_checks = 16
    be_nice = no
    optimize_test = yes

Some background on the scanning host...

The host, a FreeBSD 4.9-RELEASE box, has the following set via sysctl.

    kern.ipc.somaxconn=1024
    kern.ipc.nmbclusters=32768
    net.inet.ip.portrange.first=1024
    net.inet.ip.portrange.last=10240
    net.inet.ip.portrange.hifirst=30720
    net.inet.ip.portrange.hilast=65535
    net.inet.icmp.icmplim=0
    kern.maxfiles=32768
    kern.maxproc=10240
    kern.maxprocperuid=7680

Additionally the kernel is compiled with NMBCLUSTERS size of 32768, and we've added 256 bpf devices to the system.

The hardware we're running on is an IBM x345 with a P4 2.4GHz Xeon processor and 1.5GB of RAM. We're already addressing the issue of adding a second CPU. The network is 100 full-duplex with little latency throughout our campus.

Now to the issue...

When running any type of scan (tcp_connect, SYN scans, nmap scans, etc.), the load average will quite often sit at 30 or more on the host, taking days to scan 6 /24's. This is with "all but dangerous" plugins enabled.

So my question is: what have folks done to speed nessus up? Are there any words of wisdom you can offer?

I have two single processor hosts that I've been thinking of setting up to run scans from as well, and export the nessus data directories via NFS from the main host. Are there any plans to build distributed scanning techniques into nessus?

Thanks for any insight. I can summarize if you reply off-list.

- Eric

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
