Hello all,
I am having a problem on some of my scans. I will see tests hanging for days on end with 2.2.3, and I was wondering if I could set a timeout somewhere. I have a plugin timeout, but that isn't working. It looks like the tests just hung.
Below are some excerpts that might give you an idea of what I am seeing. (The current date is Mar 7) I have changed all the IPs to non-routable for security, but I was consistant, so X always maps to 10.1.0.1, and so on.
These shouldn't be tarpits, and even if they are, I would like to have a timeout on the host. It also doesn't look like a nmap wrapping problem. So I am not sure what to say. Is there another setting that could help?
Thanks, David Sayre
From ps auxwww
root 4089 0.0 0.5 8980 5220 ? Ss Mar01 0:00 nessusd: waiting for incoming connections
root 6158 0.1 0.8 10076 8028 ? Ss Mar04 6:22 nessusd: serving 10.0.0.1
root 6167 0.0 0.9 11012 8940 ? S Mar04 1:54 nessusd: testing 10.1.0.1
root 6385 0.0 0.9 10928 8980 ? S Mar04 0:13 nessusd: testing 10.1.0.2
root 23064 0.0 1.0 10964 9016 ? S Mar04 1:08 nessusd: testing 10.1.0.11
root 23824 0.0 0.9 10964 8900 ? S Mar04 1:58 nessusd: testing 10.1.0.13
root 28328 0.0 0.9 10836 8888 ? S Mar04 1:30 nessusd: testing 10.1.0.14
root 32574 0.0 0.9 10964 8860 ? S Mar04 0:00 nessusd: testing 10.1.0.11 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 1119 0.0 0.9 10876 8928 ? S Mar04 1:32 nessusd: testing 10.1.0.15
root 8313 0.0 0.9 10880 8932 ? S Mar04 1:19 nessusd: testing 10.1.0.3
root 8689 0.0 1.0 14792 9888 ? SN Mar04 0:00 nessusd: testing 10.1.0.11 (/usr/local/lib/nessus/plugins/DDI_IIS_Compromised.nasl)
root 8851 0.0 0.9 10928 8908 ? S Mar04 2:02 nessusd: testing 10.0.1.4
root 13010 0.0 0.9 11000 8908 ? S Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 17916 0.0 0.9 10876 8928 ? S Mar04 2:15 nessusd: testing 10.1.0.5
root 19820 0.0 0.9 10860 8912 ? S Mar04 1:41 nessusd: testing 10.1.0.6
root 20938 0.0 0.9 11112 8940 ? S Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 22691 0.0 1.0 11176 9148 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/domino_authentication_bypass.nasl)
root 22727 0.0 1.0 11120 9088 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/p-news_priv_escalation.nasl)
root 23075 0.0 1.0 11124 9108 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/ipb_sql_disclosure.nasl)
root 23082 0.0 1.0 11124 9096 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/MyAbraCadaWeb_XSS.nasl)
root 23091 0.0 1.0 11068 9092 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/spyke_flaws.nasl)
root 23101 0.0 1.0 11124 9096 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/mpm_guestbook_file_reading.nasl)
root 23124 0.0 1.0 11124 9096 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/ttforum_code_injection.nasl)
root 23128 0.0 1.0 11072 9092 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/w_agora_input_vulnerabilities.nasl)
root 23136 0.0 1.0 11124 9092 ? SN Mar04 0:00 nessusd: testing 10.1.0.14 (/usr/local/lib/nessus/plugins/vpopmail_cmd_exec.nasl)
root 23839 0.0 0.9 11040 8964 ? S Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 24607 0.0 0.9 11076 8912 ? S Mar04 0:00 nessusd: testing 10.0.1.4 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 25024 0.0 0.9 11044 8968 ? S Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 26538 0.0 1.0 11132 9140 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/notesinicheck.nasl)
root 26696 0.0 1.0 11128 9144 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/simple_chat_user_disclosure.nasl)
root 27059 0.0 1.0 14792 9864 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/DDI_IIS_Compromised.nasl)
root 27395 0.0 1.0 11124 9144 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/breakcal_xss.nasl)
root 27416 0.0 1.0 11128 9144 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/neoteris_ive_xss.nasl)
root 27421 0.0 1.0 11128 9144 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/phpgroupware_html_injection2.nasl)
root 27427 0.0 1.0 11128 9140 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/atlex_guestbook_file_include.nasl)
root 27434 0.0 1.0 11128 9140 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/rpm_query.nasl)
root 27439 0.0 1.0 11128 9140 ? SN Mar04 0:00 nessusd: testing 10.1.0.13 (/usr/local/lib/nessus/plugins/exponent_multiple.nasl)
root 28493 0.0 0.9 11024 8948 ? S Mar04 0:00 nessusd: testing 10.1.0.6 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 29528 0.0 1.0 11116 9136 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/incontent_dir_traversal.nasl)
root 29558 0.0 1.0 11112 9124 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/myphpnuke_code_injection.nasl)
root 29562 0.0 1.0 11112 9124 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/xoops_xss.nasl)
root 29604 0.0 1.0 11116 9136 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/ winmail_mail_server_information_disclosure.nasl)
root 29643 0.0 1.0 11116 9132 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/SimpleBBS_users_disclosure.nasl)
root 29650 0.0 1.0 11116 9120 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/aspjar_sql_injection.nasl)
root 29718 0.0 1.0 11116 9128 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/awol_injection.nasl)
root 29745 0.0 1.0 11116 9132 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/kietu_code_injection.nasl)
root 29752 0.0 1.0 11112 9132 ? SN Mar04 0:00 nessusd: testing 10.1.0.15 (/usr/local/lib/nessus/plugins/hotopentickets_unspecified_flaw.nasl)
root 30036 0.0 1.0 11176 9152 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/forum51_user_disclosure.nasl)
root 30043 0.0 1.0 11180 9160 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/GTcatalog_password.nasl)
root 30060 0.0 1.0 11124 9148 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/phpmychat_information_disclosure.nasl)
root 30069 0.0 1.0 11228 9152 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/web_traversal.nasl)
root 30077 0.0 1.0 11216 9144 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/domino_traversal.nasl)
root 30087 0.0 1.0 11220 9148 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/notesinicheck.nasl)
root 30090 0.0 1.0 11216 9136 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/jwalk_traversal.nasl)
root 30108 0.0 1.0 11180 9156 ? SN Mar04 0:00 nessusd: testing 10.1.0.3 (/usr/local/lib/nessus/plugins/vchat_logs.nasl)
root 30723 0.0 0.9 11164 8980 ? S Mar04 0:00 nessusd: testing 10.1.0.5 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 31303 0.0 1.1 14892 10048 ? SN Mar04 0:00 nessusd: testing 10.1.0.6 (/usr/local/lib/nessus/plugins/DDI_IIS_Compromised.nasl)
root 31578 0.0 1.0 11252 9200 ? SN Mar04 0:00 nessusd: testing 10.1.0.6 (/usr/local/lib/nessus/plugins/dangerous_cgis.nasl)
root 25589 0.0 0.9 10884 8948 ? S Mar04 0:00 nessusd: testing 10.1.0.1 (/usr/local/lib/nessus/plugins/rh_inetd.nasl)
root 26291 0.0 0.9 11044 8964 ? S Mar04 0:00 nessusd: testing 10.1.0.1 (/usr/local/lib/nessus/plugins/nikto.nasl)
root 9174 0.0 0.9 11092 8976 ? S Mar04 0:00 nessusd: testing 10.1.0.2 (/usr/local/lib/nessus/plugins/nikto.nasl)
from tail nessus.messages
[Fri Mar 4 23:30:13 2005][6396] user scanner : Not launching mdaemon_dos.nasl against 10.1.0.20 because safe checks are enabled (this is not an error)
[Fri Mar 4 23:30:13 2005][6396] user scanner : Not launching hyperbomb.nasl against 10.1.0.20 because safe checks are enabled (this is not an error)
[Fri Mar 4 23:30:13 2005][6396] user scanner : Not launching goodtech_ftpd_dos.nasl against 10.1.0.20 because safe checks are enabled (this is not an error)
[Fri Mar 4 23:30:13 2005][6396] user scanner : Not launching blackice_dos.nasl against 10.1.0.20 because safe checks are enabled (this is not an error)
[Fri Mar 4 23:30:13 2005][6396] user scanner : Not launching stream.nasl against 10.1.0.20 because safe checks are enabled (this is not an error)
[Fri Mar 4 23:30:13 2005][6396] user scanner : launching check_ports.nasl against 10.1.0.20 [22262]
[Fri Mar 4 23:30:13 2005][6396] user scanner : launching unknown_services.nasl against 10.1.0.20 [22263]
[Fri Mar 4 23:30:13 2005][6396] check_ports.nasl (process 22262) finished its job in 0.013 seconds
[Fri Mar 4 23:30:13 2005][6396] unknown_services.nasl (process 22263) finished its job in 0.012 seconds
[Fri Mar 4 23:30:13 2005][6396] Finished testing 10.1.0.20. Time : 15497.25 secs
[Fri Mar 4 23:30:43 2005][6385] nikto.nasl (pid 9174) is slow to finish - killing it
from the .nessusrc checks_read_timeout = 5 ... plugins_timeout = 320 ... Services[entry]:Number of connections done in parallel : = 10 Services[entry]:Network connection timeout : = 5 Services[entry]:Network read/write timeout : = 5 Services[entry]:Wrapped service read timeout : = 2
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
