On Wed, Sep 13, 2006 at 07:42:11PM -0400, George A. Theall ([EMAIL PROTECTED]) wrote:
> On Wed, Sep 13, 2006 at 03:47:49PM -0600, Ken Dyke wrote:
>
> >We have a number of hosts where a service has been moved to a different
> >port. For example, a host with ssh server listening on port 10022 (it
> >happens that it is the only port open on that host). Even if I
> >specifically tell nessus to scan that port it still returns an empty
> >report.
>
> Is plugin #10180, ping_host.nasl, being run? Check the nessusd.messages
> log; it might be even if you haven't enabled it explicitly since it's a
> dependency on a number of scanners. If it is and you're using TCP pings
> (the default), make sure you include 10022 for the preference "TCP ping
> destination port(s)". Otherwise, the ping scanner will mark the host as
> dead since, in this case, no other ports are open and Nessus will not
> bother scanning it any further.

Set up details:
nessusd=nessus-2.2.8
OS=coreOS (Linux)
client machine is Fedora Core 5
nessus-client-2.2.7
nessus-gui-2.2.7

On "Scan Options" tab entered 10022 in port range field.
Only "Port scanner" checked is "Nessus TCP scanner".

Even though nessusd gets an ack from the target it still concludes that
it is dead. :-(

relevant tcpdump lines:
[...]
15:58:51.197946 IP xxx.xxx.xxx.xxx.41785 > nnn.nnn.nnn.nnn.10022: F 1:1(0) ack 1 win 5840 <nop,nop,timestamp 130843319 148508320>
15:58:51.207297 IP nnn.nnn.nnn.nnn.10022 > xxx.xxx.xxx.xxx.41785: P 1:25(24) ack 1 win 5792 <nop,nop,timestamp 148508321 130843319>
[...]

nessusd.messages
[Fri Sep 22 15:58:47 2006][4885] user ken_i_m : session will be saved as /usr/lib/nessus/users/ken_i_m/sessions/20060922-155847-index
[Fri Sep 22 15:58:50 2006][4885] user ken_i_m starts a new scan. Target(s) : nnn.nnn.nnn.nnn, with max_hosts = 20 and max_checks = 4
[Fri Sep 22 15:58:50 2006][4885] user ken_i_m : testing nnn.nnn.nnn.nnn (nnn.nnn.nnn.nnn) [6367]
[Fri Sep 22 15:58:51 2006][6367] user ken_i_m : The remote host (nnn.nnn.nnn.nnn) is dead
[Fri Sep 22 15:58:51 2006][6367] Finished testing nnn.nnn.nnn.nnn. Time : 0.65 secs
[Fri Sep 22 15:58:51 2006][4885] user ken_i_m : test complete
[Fri Sep 22 15:58:51 2006][4885] Total time to scan all hosts : 4 seconds
[Fri Sep 22 15:58:51 2006][4885] user ken_i_m : Kept alive connection

--
I reason and act, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
Founder, Helena Linux Users Group
(406) 581-0495
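
An added example, not part of the thread or of Nessus itself: a small audit script that reads nessusd.messages lines in the format quoted above and lists hosts that were marked dead, so an empty report for them is not read as a clean result. The sample log is constructed (documentation addresses, made-up user name), and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample in the nessusd.messages format quoted in the message above
# (addresses are documentation placeholders, the user name is made up).
SAMPLE_LOG = """\
[Fri Sep 22 15:58:50 2006][4885] user alice : testing 192.0.2.10 (192.0.2.10) [6367]
[Fri Sep 22 15:58:51 2006][6367] user alice : The remote host (192.0.2.10) is dead
[Fri Sep 22 15:58:51 2006][6367] Finished testing 192.0.2.10. Time : 0.65 secs
[Fri Sep 22 15:58:50 2006][4885] user alice : testing 192.0.2.11 (192.0.2.11) [6368]
[Fri Sep 22 16:03:12 2006][6368] Finished testing 192.0.2.11. Time : 261.40 secs
[Fri Sep 22 16:03:12 2006][4885] user alice : test complete
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<pid>\d+)\]\s+(?P<msg>.*)$")
TESTING = re.compile(r"testing (?P<host>\S+) \(\S+\) \[(?P<child>\d+)\]$")
DEAD = re.compile(r"The remote host \((?P<host>[^)]+)\) is dead$")
FINISHED = re.compile(r"Finished testing (?P<host>\S+)\. Time : (?P<secs>[\d.]+) secs$")

def scan_coverage(log_text):
    """Return {host: {"child", "dead", "secs"}} for every host the log shows being tested."""
    hosts = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines not in the [timestamp][pid] format
        msg = m.group("msg")
        if (t := TESTING.search(msg)):
            hosts[t["host"]] = {"child": int(t["child"]), "dead": False, "secs": None}
        elif (d := DEAD.search(msg)) and d["host"] in hosts:
            hosts[d["host"]]["dead"] = True
        elif (f := FINISHED.search(msg)) and f["host"] in hosts:
            hosts[f["host"]]["secs"] = float(f["secs"])
    return hosts

def skipped_hosts(log_text):
    """Hosts marked dead in the log: an empty report for these is not a clean result."""
    return [h for h, r in scan_coverage(log_text).items() if r["dead"]]

if __name__ == "__main__":
    for host, rec in scan_coverage(SAMPLE_LOG).items():
        state = "SKIPPED (marked dead)" if rec["dead"] else "scanned"
        print(f"{host}: {state}, {rec['secs']} secs, child pid {rec['child']}")
```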
