> -----Original Message-----
> From: Michel Arboi [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 21, 2006 7:43 AM
> To: Nordwall, Douglas J
> Cc: [email protected]
> Subject: Re: How to use Nessus 3.0.3 (Linux) with Nmap port scanning

<snip nice bit on configuring scans>

Thanks. One nice thing about explanations like this is that they are most useful when they get into Google and other folks can look them up as well.

> > I needed very slow scans (on the order of no more than 5 ports in 5
> > minutes) to bypass the countermeasures.
>
> This means that you'll need 65535 min = 1092.25 h = 45.5 days
> to run a full port scan. Is this acceptable? I don't think so.
>

I am not scanning all those ports. Certainly, I would not consider doing a slow scan for 65k ports. Even the polite setting in nmap would take 8 hours. However, a few targeted ports that you suspect are open are handy for bypassing certain things.

> > Maybe ask Fyodor what they did to compensate for the problems you are
> > concerned about?
>
> I nearly never scan *my* network. My experience comes from
> different networks on my customers' sites. Many of them are a
> mix of quick LAN, overloaded links or routers, slow leased
> lines or high latency satellite based WAN. Scans often run
> more than a day and the network load is concentrated during
> the working hours (or at least, the nature of the traffic
> changes in the evening). That's why I needed an adaptive tool!
> It would be great if this scanner could also suit your needs,
> but I am afraid that your requirements are too strict.
>

First off, I didn't mean to denigrate your experience. I have no doubt that yours is broader than mine in many areas. Actually, Nessus does suit my needs for most every situation, including this network. We use it hourly. However, occasionally, we have a tough nut to crack and need to pull out a different tool.

> > I know fairly well, and have access to exactly what's happening on it,
> > I can make those determinations in other ways.
>
> Maybe Nessus SYN scanner would be better for you? It is
> slower but its behaviour is more regular, IIRC.
>

We use it :)

> > You asked why people prefer to use nmap instead of the built in.
>
> I see. I am still surprised by your figures.
>

Really, I don't claim that this is best for everyone. Indeed, if I was less involved in this work, I would not have a need.

> --
> http://arboi.da.ru/ http://ma75.blogspot.com/
> PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
> Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91
>

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
