Tenable/List,
Starting last month, Nessus began crashing our Citrix Metaframe farm (approximately 60 servers). The same scan ran every month without incident for over a year prior to November. It may be the case that the scan did not bring down all the servers, but brought down certain services that are critical to Metaframe functionality. Here's a quote from the Citrix administrator: It seems that somehow the scan causes the IMA (Independent Management Architecture) service to stop on almost all the MF servers. There were only 5 that did not have the IMA service stopped. Of course, when that happens, they are dead to the ZDC (Zone Data Collector) which reports them as Server Down. The IMA service is critical to the communication between the MF servers and the ZDC. Pertinent facts: * Scan authentication: none * Nessus version : 3.0.4 * Plugin feed version : 200612082115 * Type of plugin feed : Direct * Port scanner(s) : nessus_tcp_scanner * Port range : default * Thorough tests : yes * Experimental tests : no * Safe checks : yes * Max hosts : 10 * Max checks : 4 * Scan Start Date : 2006/12/9 12:32 * Scan duration : 155 sec Nothing dangerous appears to be turned on, except possibly "thorough tests." I use Edgeos' python-based update-nessusrc.py script to keep the config file up-to-date. The parameters I pass to the script (which show the plug-in families I use) are in the attached file, update.txt. The same servers were scanned last week with ONLY local security checks / Microsoft bulletins turned on (checks for missing patches only). Those scans use the same settings as above, only the port range is 1-65535, and Nessus authenticates to the servers with an account in the Domain Admins group. That scan did not impact the servers at all. John Scherff Sr. IT Security Analyst 24 Hour Fitness [EMAIL PROTECTED]
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
