On March 7, 2007, I wrote: > In December 2006, John Scherff wrote: > > > Starting last month, Nessus began crashing our Citrix Metaframe farm > > > (approximately 60 servers). > [...] > > But I think Renaud is going to end up being correct (as usual) about the > > cause. After some investigation, I found that 'thorough tests' was > > turned on the month before the problems started occurring. > > Hi, John. I didn't see a followup to the list confirming whether "Thorough > tests" was the culprit in your Citrix server crashes. We're currently using > Nessus to scan some hosts at my company and I was considering turning on > "Thorough" because for several of the https servers we get: > > The remote web server is very slow - it took 90 seconds to execute the > plugin no404.nasl (it usually only takes a few seconds). > > In order to keep the scan total time to a reasonable amount, the remote > web server has not been tested. > > If you want to test the remote server, either fix it to have it reply to > Nessus's requests in a reasonable amount of time, or set the global > option 'Thorough tests' to 'yes' > Nessus ID : 10386 > > but since some of them are running Citrix, I'm wary of turning on "Thorough" > if it's likely to DoS the servers.
I talked to John in private email and he says that he confirmed that 'Thorough tests' was causing his Citrix service DoS. He also says the problem didn't start occurring until they applied some recent (at the time) Citrix patches. However, I also heard from a member of a different security group at my company who saw my post, and he says that they use 'Thorough tests' against Citrix servers without issue. That plus the fact that the IMA service (which was getting stopped in John's caes) isn't exposed on the servers I'm scanning (just the ICA service, 1494/tcp) indicates to me that it should be safe to turn on 'Thorough tests'. I'll post back to the list if I experience problems similar those that John hit. -- Dan Harkless http://harkless.org/dan/ _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
