I am having trouble tracking down the reason why I see this plugin fire off on almost every scan. I'm not ruling out anything on my end (T1, router, firewall...) but I have tried many different options and scenarios, and still see this plugin, although the results are seemingly fine otherwise.
I understand that the plugin gets a list of port from the KB, then attempts a SYN to those ports, which is very basic. It is difficult to verify the ports at the exact time the plugin is launched, but I have no reason to believe the service is being crashed. Is there a config issue I may be missing, or have others had this problem as well? [EMAIL PROTECTED] ~]# uname -a Linux scanner 2.6.18-1.2200.fc5smp #1 SMP Sat Oct 14 17:15:35 EDT 2006 i686 i686 i386 GNU/Linux [EMAIL PROTECTED] ~]# cat /etc/fedora-release Fedora Core release 5 (Bordeaux) [EMAIL PROTECTED] ~]# NessusClient -h NessusClient, version 1.0.2. [EMAIL PROTECTED] ~]# nessusd -h nessusd, version 3.0.5. thx -----Original Message----- From: Michel Arboi [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 12:12 PM To: Scott Pate Cc: [email protected] Subject: Re: plugin 10919 On Tue Feb 20 2007 at 18:53, Scott Pate wrote: > check_ports.nasl determines a port to be closed, do other plugins > launch against the port after that Not relevant, as check_ports.nasl is an "ACT_END", i.e. it runs after all other plugins. > Does the plugin determine a port to be closed if it fails to open a > tcp socket (in which case the port may not be closed), or if it > receives a RST (in which case the port is most definitely closed)? It tries to open a connection through the standard API. The port might be filtered. > What would be the implications of disabling this plugin? None. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
