Here are my results on a 2.2.4 box.
[EMAIL PROTECTED]:/usr/local/lib/nessus/plugins$ sudo /usr/local/sbin/nessusd -d
This is Nessus 2.2.4 for Linux 2.6.8-2-386
compiled with gcc version 3.3.5 (Debian 1:3.3.5-12)
Current setup :
nasl : 2.2.4
libnessus : 2.2.4
SSL support : enabled
SSL is used for client / server communication
Running as euid : 0
[EMAIL PROTECTED]:/usr/local/lib/nessus/plugins$ sudo nasl -t xxx.xxx.xxx.xxx tcp_seq_window_debug.nasl
The remote host RSTed our packet...it's vulnerable
Success
[26897] plug_set_key:internal_send(0)['3 TCP/seq_window_flaw=1;
']: Socket operation on non-socket
[EMAIL PROTECTED]:/usr/local/lib/nessus/plugins$
---
The 2.2.5 box returned null results every time
(NAT traversal interference a possibility?)
anondev:~# /usr/local/nessus/sbin/nessusd -d
This is Nessus 2.2.5 for Linux 2.6.8-2-386
compiled with gcc version 3.3.5 (Debian 1:3.3.5-12)
Current setup :
nasl : 2.2.5
libnessus : 2.2.5
SSL support : enabled
SSL is used for client / server communication
Running as euid : 0
anondev:~# nasl -t xxx.xxx.xxx.xxx /usr/local/nessus/lib/nessus/plugins/tcp_seq_window_debug.nasl
anondev:~#
I ran both tests several times in a row and got consistent results on the CLI.
However, automated nightly runs (and archived kb files) show the key
tcp_window_flaw missing in some scans. Hence the original question.
Could it be that
port = get_host_open_port()
is sometimes selecting a no-longer-open port for its test?
--
One other separate question: How do the report_paranoia settings map
to numeric equivalents? Is normal 0? Is paranoid 1? etc.
Specifically I'm looking at this code:
if (debug) display("The remote host RSTed our packet...it's vulnerable\n");
if( report_paranoia > 0 ) security_warning(0);
Thank you everybody for your replies.
-anon
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
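The post above is trying to work out why the TCP/seq_window_flaw key turns up in some archived KB files and not others. The following is an added example, not code from the post or from Nessus: a small Python sweep over archived Nessus 2.x KB files that reports, per file, whether the key is present and which TCP ports the scan recorded as open, so the missing-key scans can be compared against the ports that were available to get_host_open_port(). It also mirrors the plugin's reporting decision (key set and report_paranoia > 0) so the effect of the paranoia setting can be checked offline. Assumptions: each KB line ends in NAME=VALUE and any leading timestamp and type fields are ignored (the exact prefix layout of the .kb file is assumed, not taken from the page); open ports are recorded as Ports/tcp/<port>=1, the usual NASL KB convention; and report_paranoia is the integer NASL uses, 0 for "avoid false alarms", 1 for "normal", 2 for "paranoid". The sample KB contents are constructed for the example.

```python
"""Sweep archived Nessus 2.x KB files for TCP/seq_window_flaw.

Added example, not part of the original post or of Nessus itself.
Assumptions (not taken from the page):
  * every KB line ends in NAME=VALUE; leading timestamp/type fields,
    if any, are ignored, and a trailing ';' is stripped;
  * open ports appear as Ports/tcp/<port>=1 (standard NASL KB convention);
  * report_paranoia is an int: 0 avoid false alarms, 1 normal, 2 paranoid.
"""
import re
from pathlib import Path
from typing import Dict, List

KEY = "TCP/seq_window_flaw"

# Constructed sample: one host with the key set, one without.
SAMPLE_KB_FILES: Dict[str, str] = {
    "10.0.0.1.kb": (
        "1115000001 3 Ports/tcp/22=1\n"
        "1115000002 3 Ports/tcp/80=1\n"
        "1115000003 3 TCP/seq_window_flaw=1;\n"
    ),
    "10.0.0.2.kb": (
        "1115000010 3 Ports/tcp/22=1\n"
        "1115000011 3 Ports/tcp/8080=1\n"
    ),
}

# Last whitespace-delimited token of the form NAME=VALUE on the line.
ENTRY_RE = re.compile(r"(?:^|\s)([^\s=]+)=(.*)$")


def parse_kb(text: str) -> Dict[str, List[str]]:
    """Parse one KB file into {name: [values]}; a name may repeat."""
    kb: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line.rstrip().rstrip(";"))
        if not m:
            continue  # blank or malformed line
        kb.setdefault(m.group(1), []).append(m.group(2).strip())
    return kb


def open_tcp_ports(kb: Dict[str, List[str]]) -> List[int]:
    """Ports the scan recorded as open (Ports/tcp/<port>=1), sorted."""
    ports = []
    for name, values in kb.items():
        m = re.fullmatch(r"Ports/tcp/(\d+)", name)
        if m and "1" in values:
            ports.append(int(m.group(1)))
    return sorted(ports)


def would_report(kb: Dict[str, List[str]], report_paranoia: int) -> bool:
    """Mirror the plugin's decision quoted in the post:
    the key must be set AND report_paranoia > 0 (so 'normal' reports)."""
    return "1" in kb.get(KEY, []) and report_paranoia > 0


def audit(files: Dict[str, str], key: str = KEY) -> Dict[str, dict]:
    """Per file: whether `key` is present, its values, and open TCP ports."""
    report = {}
    for fname, text in files.items():
        kb = parse_kb(text)
        report[fname] = {
            "present": key in kb,
            "values": kb.get(key, []),
            "open_ports": open_tcp_ports(kb),
        }
    return report


def load_kb_dir(directory: str) -> Dict[str, str]:
    """Read every *.kb file under `directory` (assumed layout)."""
    return {p.name: p.read_text(errors="replace")
            for p in sorted(Path(directory).glob("*.kb"))}


if __name__ == "__main__":
    # Swap SAMPLE_KB_FILES for load_kb_dir("/path/to/archived/kb") on a
    # real archive; the sample data is constructed for this example.
    for fname, info in audit(SAMPLE_KB_FILES).items():
        status = "present" if info["present"] else "MISSING"
        print(f"{fname}: {KEY} {status}, open tcp ports {info['open_ports']}")
```

Files where the key is missing but the open-port list is short or empty are the ones worth checking against the live host, since that is where a stale choice by get_host_open_port() would show up.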