George A. Theall wrote:
Which scanner(s) are you using and how are they configured?
Understand that UDP port scans are *slow* -- scanning all
possible UDP ports can take a day or more for a single
target! Also, this is just a drawback of UDP scanning, not
Nessus per se. Avoid it if at all possible.
How can you disable UDP scans altogether? I don't see a switch for
that...? I've spent a lot of time optimizing our *tcp* port ranges and
scan options, but still find Nessus runs off trying to do whole suites
of UDP tests - like the snmp ones (this is for DMZ scans, so I'd rather
enable all tests, but limit the ports). I know I can - by hand - turn
such tests off, but I'd rather leave all tests enabled, specify port
range, and configure Nessus not to runs tests if they don't involve one
of the "live" ports. (I'm not scanning Class B's BTW ;-)
It takes me days too. This isn't Nessus's fault, but when your Network
Group decide to enable a /22 on the Internet and then only "officially"
have two hosts on it, you still have to scan the entire /22 "just in
case" someone has shoved another host on without reporting it. :-(
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
