I've noticed when scanning "busy" targets with many active TCP
connections, that I'll see on some of these hosts, findings that a service
stopped responding after a prior successful attempt.
In remediation, the port referenced in the report is no longer available,
checked both on the host, and from different host, attempting to connect
to that port.
So I'm wondering if Nessus may have found a port open that was being used
for communication to a 3rd client PC, and the port was closed at the end
of the session with the 3rd client PC, so Nessus, seeing the port
disappear, flagged it as a possible DoS, when it was just a normal
communication channel that ended/closed between the target server and a
3rd client.
Make sense? Possible?
Thanks,
Mike
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
