I've noticed when scanning "busy" targets with many active TCP connections, that I'll see on some of these hosts, findings that a service stopped responding after a prior successful attempt.
In remediation, the port referenced in the report is no longer available, checked both on the host, and from different host, attempting to connect to that port. So I'm wondering if Nessus may have found a port open that was being used for communication to a 3rd client PC, and the port was closed at the end of the session with the 3rd client PC, so Nessus, seeing the port disappear, flagged it as a possible DoS, when it was just a normal communication channel that ended/closed between the target server and a 3rd client. Make sense? Possible? Thanks, Mike
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
