Hi there We have (via Active Directory policy) set up a specific AD account that we get Nessus to use so that it has full Registry READ access to hosts in our domain. It allows us to get good reports on our Windows hosts without needing to run Nessus as Domain Administrator.
Anyway, smb_enum_services.nasl - and I assume related scripts too - doesn't always report correctly for all the hosts it should. Sometimes the report is empty. The hosts where it doesn't work are definitely weird. They are XP, and yet port 445 is down (and 139 is up, and they are not firewalled). I even altered the nasl script to connect to port 139 instead of 445, but that never works? It is failing at the NetUseAdd stage (if tried on port 139) - which I read as meaning "Access Denied"? BTW does that mean NetUseAdd only works on Win2000+ - i.e. it's a port 445 only check? However, both Windows and Samba's smbclient tool can successfully connect to the ipc$ share on these boxes with that account - so I guess they do something different to Nessus? BTW: rebooting these XP boxes typically fixes the problem (i.e. this could be a bug with Windows really) Are there any more tricks Nessus could do to gain access to these machines? As a "wet finger in the air" estimate, I'd say 2-5% of our XP hosts are in this state at any moment in time... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
