Just reading your story and thinking back to other Nessus unpleasantries I've experienced. When analyzing production networks (especially banks or any place with check printers), it's a good idea to do some sort of discovery about which IP addresses are used by production printers and remove them from the scope of your Nessus tests. Several of the NASL's will find open lpd or JetDirect ports and test them for app-layer protocol responses (i.e. 'GET / HTTP/1.0^M^M') which will trigger a print job, wasting a check and throwing off someone's next check run, ultimately making your project unpopular with the locals. Hope that saves somebody somewhere a headache.
PaulM -----Original Message----- Subject: RE: Safe scans and DoS I'm working with another client today and made sure we do a MAC-by-MAC inventory prior to running any scans. I'd have to believe other Nessus users in non-enterprise land (e.g. small banks) may have to take things from the bottom up as well. It'll take two additional days of assessment time for them, but we'll go into a scan with much better preparation. I've used a checklist for each connected device to have the client sign off that it has been backed up and/or configuration documented in the event the scan causes difficulties. I see four old HP Jet Direct servers and per Sonny's comment, I'm halfway expecting a surprise. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
