On Wed, Aug 09, 2006 at 07:07:48AM +0000, Tom Deprins wrote: > I suddenly have a problem using NessusClient 1.0.0RC5 where all most > scans stop without turning up results. > > All tests I run are against our corporate public IP ranges and most > tested hosts are firewalled but often have ICMP echo-request and a range > of services enabled. When I run a scan with nessus tcp scanner, nasl > wrapper and with a ping of the remote host I get the following in > nessusd.messages: > > [Wed Aug 9 08:44:34 2006][8267] user root : testing xxxxx (x.x.x.x) [2139] > [Wed Aug 9 08:45:00 2006][2139] user root : The remote host (xxxxx) is dead
This is likely because ping_host.nasl failed to detect the host as being up. > Now the strange thing is that I could successfully scan most of these > targets yesterday, but today I always get the messages above (I have no > idea what changed between then and now). I'd look into how you have the Ping scanner configured. For example, if you were using ICMP pings and a firewall in the path was changed to block them, you'd see the behaviour. Likewise if you're using TCP pings and none of the configured ports is open today. [And btw, disabling all the ping types will of course prevent ping_host.nasl from declaring the host as dead, as you've discovered.] > To make things even more mysterious, a scan against a firewalled > webserver does work (only listens to tcp port 443) with the same settings. Then you should be able to use the ping scanner to do a TCP ping with 443 in the port range. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
