Im running nmap from the command line to verify results from nessus. If I run a scan with with just ping and nmap (NASL) enabled using the default 'connect' option and no smb credentials I get no results at all... Going into nessus logs gives me the following....
[Fri Aug 26 19:44:15 2005][27753] user infteam starts a new scan. Target(s) : 163.119.128.180, with max_hosts = 16 and max_checks = 10 [Fri Aug 26 19:44:15 2005][27753] user infteam : testing 163.119.128.180 (163.119.128.180) [27769] [Fri Aug 26 19:44:15 2005][27769] user infteam : new KB will be saved as /usr/local/var/nessus/users/infteam/kbs/163.119.128.180 [Fri Aug 26 19:44:15 2005][27769] user infteam : launching ping_host.nasl against 163.119.128.180 [27770] [Fri Aug 26 19:44:15 2005][27769] Process 27770 seems to have died too early [Fri Aug 26 19:44:15 2005][27769] ping_host.nasl (process 27770) finished its job in 0.022 seconds [Fri Aug 26 19:44:15 2005][27769] user infteam : launching nmap.nasl against 163.119.128.180 [27771] [Fri Aug 26 19:44:15 2005][27769] Process 27771 seems to have died too early [Fri Aug 26 19:44:15 2005][27769] nmap.nasl (process 27771) finished its job in 0.076 seconds [Fri Aug 26 19:44:15 2005][27769] Finished testing 163.119.128.180. Time : 0.18 secs [Fri Aug 26 19:44:15 2005][27753] user infteam : test complete [Fri Aug 26 19:44:15 2005][27753] Total time to scan all hosts : 0 seconds Looking in nessusd.dump gives the following.... Running a test with the windows client with just remote ping and nmap (NASL) 'connect' scan enabled gives ...... [EMAIL PROTECTED] logs]# tail -f nessusd.dump malloc: Cannot allocate memory /usr/local/lib/nessus/plugins/nmap.nasl: Could not verify the signature - this script will be run in non-authenticated mode [720] Could not allocate a pointer of size 49 ! Running the same test using the linux client [EMAIL PROTECTED] logs]# tail -f nessusd.dump malloc: Cannot allocate memory /usr/local/lib/nessus/plugins/nmap.nasl: Could not verify the signature - this script will be run in non-authenticated mode [1202] Could not allocate a pointer of size 49 ! Running the test with the TCP scanner and the microsoft bulletins enabled with SMB credentails as well gives..... [EMAIL PROTECTED] logs]# > nessusd.dump [EMAIL PROTECTED] logs]# tail -f nessusd.dump /usr/local/lib/nessus/plugins/ssh_settings.nasl: Could not verify the signature - this script will be run in non-authenticated mode [2230](/usr/local/lib/nessus/plugins/ssh_settings.nasl) A non-authenticated script attempted to use an authenticated function - returning NULL [2230](/usr/local/lib/nessus/plugins/ssh_settings.nasl) script_get_preference_file_content: script is not authenticated! [2230](/usr/local/lib/nessus/plugins/ssh_settings.nasl) A non-authenticated script attempted to use an authenticated function - returning NULL [2230](/usr/local/lib/nessus/plugins/ssh_settings.nasl) script_get_preference_file_content: script is not authenticated! [2230](/usr/local/lib/nessus/plugins/ssh_settings.nasl) Only signed scripts can set a Secret/ KB entry [2231] Could not allocate a pointer of size 49 ! /usr/local/lib/nessus/plugins/nmap.nasl: Could not verify the signature - this script will be run in non-authenticated mode [2233] Could not allocate a pointer of size 49 ! mmap: Cannot allocate memory mmap: Cannot allocate memory mmap: Cannot allocate memory mmap: Cannot allocate memory /usr/local/lib/nessus/plugins/kerberos.nasl: Could not verify the signature - this script will be run in non-authenticated mode malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory [2237] Could not allocate a pointer of size 65536 ! internal_send->os_recv(4): Connection reset by peer [2243] plug_set_key:internal_send(4)['3 Transports/TCP/445=1; ']: Cannot allocate memory malloc: Cannot allocate memory /usr/local/lib/nessus/plugins/ssh_get_info.nasl: Could not verify the signature - this script will be run in non-authenticated mode malloc: Cannot allocate memory ssh_func.inc: Could not verify the signature - this script will be run in non-authenticated mode kerberos_func.inc: Could not verify the signature - this script will be run in non-authenticated mode crypto_func.inc: Could not verify the signature - this script will be run in non-authenticated mode parser stack overflow[2245]() crypto_func.inc: Parse error at or near line 117 malloc: Cannot allocate memory malloc: Cannot allocate memory [2247] Could not allocate a pointer of size 66 ! malloc: Cannot allocate memory malloc: Cannot allocate memory [2251] Could not allocate a pointer of size 32769 ! malloc: Cannot allocate memory [2250] Could not allocate a pointer of size 73 ! malloc: Cannot allocate memory [2254] Could not allocate a pointer of size 49 ! crypto_func.inc: Could not verify the signature - this script will be run in non-authenticated mode parser stack overflow[2256]() crypto_func.inc: Parse error at or near line 117 malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory [2259] Could not allocate a pointer of size 817 ! malloc: Cannot allocate memory [2258]() Line 164: Cannot compile regex: <html> (error = 12) [2258]() Line 164: Cannot compile regex: </html> (error = 12) malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory parser stack overflow[2265]() smb_header.inc: Parse error at or near line 449 kerberos_func.inc: Could not verify the signature - this script will be run in non-authenticated mode crypto_func.inc: Could not verify the signature - this script will be run in non-authenticated mode malloc: Cannot allocate memory [2269] Could not allocate a pointer of size 50 ! malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory Could not realloc() a pointer of size 161 ! malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory Could not realloc() a pointer of size 31601 ! malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory Could not realloc() a pointer of size 161 ! malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory [2395] Could not allocate a pointer of size 49 ! malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory malloc: Cannot allocate memory I dont understand why I have memory problems as I have 3Gb!!!!! Any help would be appreciated... Martin -----Original Message----- From: sanjeev sinha [mailto:[EMAIL PROTECTED] Sent: 24 August 2005 17:02 To: Martin Macleod-Brown Subject: Re: Inconsistent port scans The nessus logs should be in :/usr/local/var/nessus/logs. Also could you confirm the default behavior without setting the SMB credentials to see what the test results provide? Regarding the aborted signal, it is being reamed by a segmentation fault. Do a -dd -vv to dump the error messages. On occasions port scanning has been known to cause this. If you are doing nmap separately, why are you enabling nmap in nessus (thats what I am getting from your mail, is that a correct assumption?)? On a separate thought, regarding the ports that are not being scanned (or exposed) do the banner tests produce anything? All work and no play makes Jack a dull boy --- Jack Torrance, The Shining ----- Original Message ----- From: Martin Macleod-Brown To: 'sanjeev sinha' ; 'nessus-gen' Sent: Wednesday, August 24, 2005 11:33 AM Subject: RE: Inconsistent port scans Interesting.. I am using the Win based client, set up to ping remote host and nmap (NASL wrapper) enabled and set to do a FIN scan. Configuring plugins I have set the SMB credentials and watching the tests go through, I get 0% on port scans, but 100% on tests with no results to view.. Running nmap from a console connection to the scanning server gives me the following.. [EMAIL PROTECTED] ~]# nmap -v -n -oN file.out -P0 -sT -p 1-1024 -r 163.119.128.180 Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-24 16:26 BST Initiating Connect() Scan against 163.119.128.180 [1024 ports] at 16:26 Discovered open port 139/tcp on 163.119.128.180 Discovered open port 135/tcp on 163.119.128.180 Discovered open port 427/tcp on 163.119.128.180 Discovered open port 445/tcp on 163.119.128.180 The Connect() Scan took 0.03s to scan 1024 total ports. Host 163.119.128.180 appears to be up ... good. Interesting ports on 163.119.128.180: caught SIGSEGV signal, cleaning up Aborted I presume that the aborted connection means something is wrong??? Where can I check the nessus logs.. I can confirm that the machine is not behind a firewall, I am scanning from within our company LAN, and Nessus has rights to read the remote registry. Martin From: sanjeev sinha [mailto:[EMAIL PROTECTED] Sent: 24 August 2005 15:37 To: Martin Macleod-Brown; nessus-gen Subject: Re: Inconsistent port scans Martin, Please try to scan using the following command (nmap) to see what ports are discovered: nmap -v -n -oN file.out -P0 -sT -p 1-1024 -r <ip address> A question: is this ip address behind a firewall and if so, what is its behavior with respect to syn scans that you are using? Also, you could try FIN scan technique and observe the results. Sanjeev All work and no play makes Jack a dull boy --- Jack Torrance, The Shining ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System on behalf of the London Business School community. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System on behalf of the London Business School community. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
