I have installed Nessus 3.0.3 on FC5, and it's working pretty well. I have it set up to do an ARP and TCP ping to detect if hosts are dead or alive, TCP syn port scan, and reading the target ip addresses from a file. checks_read_timeout is set to 4, plugins_timeout is set to 320.
The problem lies in Nessus not scanning properly when I increase the number of IP addresses in the target list. An example, using the same configuration for all:
Scanning 192.168.0.1 to 192.168.0.254 produces
| Hosts which were alive and responding during test | 19 |
| Number of security holes found | 12 |
| Number of security warnings found | 29 |
Scanning 192.168.1.1 to 192.168.1.254 produces
| Hosts which were alive and responding during test | 34 |
| Number of security holes found | 27 |
| Number of security warnings found | 73 |
Finally, the mystery. Putting the two lists of IP addresses together, and scanning 192.168.0.1 to 192.168.1.254 produces
| Hosts which were alive and responding during test | 21 |
| Number of security holes found | 13 |
| Number of security warnings found | 32 |
I've run these multiple times, and they always produce the same results: the larger list of IPs produces inferior results compared to the subsets. Can anyone shine some light on this matter? I can provide configuration options as needed.
Thanks,
Andrew
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
