On Wed Sep 20 2006 at 18:33, Douglas Nordwall wrote:

> Well, for me, the sheer configurability of it is the best part. Speed
> isn't always what you are after, and just this morning, speed was the
> enemy. We had a box that had countermeasures on it, and we had to
> move slow to not trigger them. I didn't see an option for this on the
> built in scanner.

safe_checks && max_checks=1 gives the lowest speed.
(! safe_checks) && max_checks>=5 gives the highest speed.

> I also like the ability to control port scan randomization

We may introduce some trick against *basic* portscan detection, but
probably not randomization, because it might lead to erratic problems.

> and very fine grained control of the timing.

Fine grained control is the enemy of adaptability.
Maybe I did not find a single box with anti-portscan countermeasures,
but I scanned many boxes on unreliable links or loaded networks. In
such cases, the scanner has to slow down when it starts losing packets,
and speed up later.
nessus_tcp_scanner does this rather well; in fact much better than any
other port scanner I tried.

> Part of it, I imagine is because we really like nmap and there is a
> mental "this is the best port scanner

This sounds more like marketing than technique to me.

Anyway, I do not see where the problem is. nmap.nasl has always been
available, and the import function works fine and does not need to be
updated every time a new option pops up.
Running Nmap from inside Nessus is definitely a bad idea, for reasons
that are written on the web site.

-- 
http://arboi.da.ru/ http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91
