On Tue, 23 Jan 2007 07:45:55 -0600 "Scott Pate" <[EMAIL PROTECTED]> wrote:
> I ran into this problem the other day running a port scan (1-65535) > on a firewall (which dropped all packets - no open or closed ports) Considering what happened, I suspect that your firewall does not "drop" packets but rather "rejects" them with ICMP messages. > When using nessus_tcp_scan, the 'portscan' status bar for the host > would get all the way to the end, and then start over from the > beginning. Yes, that's normal. In some cases, nessus_tcp_scanner runs additionnal passes. > It did this for about 4 hours until I stopped it. Mmmhhhh... Disappointing :( > Is this expected behavior from these scanners? If this target IP really _drops_ all packets, definitely not. I'll double check and keep you in touch anyway. If it answers with ICMP messages which are often limited (8 / s on Linux), the scanners can be awfully slow. Any idea on the remote host OS and packet filter? Which was the value of max_check? _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
