hi George,
I'm running with NessusWX 1.4.5 and couldn't find this option "Consider
unscanned ports as closed" which you mentioned. Is there a similar setting
in NessusWX?
Actually I do not use/enable KB on my nessusd.
I read that Nessus is intelligent to seek out the vulnerability for only
those services running on opened ports based on the services plugins. I was
curious and disabled the port scanners family and enabled services plugins.
It still managed to determine the services on the target hosts.
- Does it mean that Nessus is relying on other internal port scanner (other
than port scanner family) to identify the open ports before launching the
services plugin to determine the service?
- Or that the services plugins invoke a different set of port scanners to
perform its tasks?
thanks for your advice!
***************************************************
From: "George A. Theall" <theall_at_tenablesecurity.com>
Date: Thu, 10 May 2007 10:09:06 -0400
References: <BAY127-F37FCFB54DDD3DCB4CF6A508D3A0_at_phx.gbl>
On 05/10/07 06:54, Asterisks * wrote:
- I did 2 tests by disabling the port scanner plugin family( the 2 plugin
were missing then) and later >enabling the family. there is no difference
in the results were identical. I'm not sure why this is so. Am I missing
something here?
Perhaps "Consider unscanned ports as closed" was not checked. Perhaps the
configuration >>retrieves info on ports from the KB... It's hard to say
with the info you've provided.
George
--
theall_at_tenablesecurity.com
From: "Asterisks *" <[EMAIL PROTECTED]>
To: [email protected]
Subject: RE: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
Date: Thu, 10 May 2007 10:54:58 +0000
Hi George,
My nessusd is v3.0.2 for linux. I've tried copying the missing *.nes files
to the plugin folder and it seemed to work fine. THANKS!!!!
I'm curious, previously when these 2 port scanners were not inlcuded in the
port scanner family, I still managed to scan and the results showed ports
that were opened. But the report did not specified that port scanners were
used (until i included these 2 missing scanner, it stated only these 2 as
the port scanners being used though I've enabled all port scanners).
Just puzzled :-
- Aren't the rest of the port scanner plugins in the port scanner family
considered as Port Scanner as well?
- I did 2 tests by disabling the port scanner plugin family( the 2 plugin
were missing then) and later enabling the family. there is no difference in
the results were identical. I'm not sure why this is so.
Am I missing something here?
Thanks for your advice.
***************************************************************
From: "George A. Theall" <theall_at_tenablesecurity.com>
Date: Wed, 09 May 2007 12:27:41 -0400
References: <BAY127-F17D4A0625D9D3D10CAC0618D3B0_at_phx.gbl>
--------------------------------------------------------------------------------
On 05/09/07 01:28, Asterisks * wrote:
No they were not available previously.
Which platform and version of the Nessus server are you using? How did you
install it?
These are the port scanner plugins available in the list:
Nessus SNMP scanner
Ping the remote host
scan for Labrea
exclude top level domain wildcard host
These are all plugins written in NASL; the two you're missing are in C.
there is no *nes file in the plugin directory in the nessusd host. what
er these *nes files? Can I add them in manually?
*.nes are compiled versions of C plugins. You're best bet for recovering
them is to re-install / >upgrade Nessus and then update your plugins.
George
--
theall_at_tenablesecurity.com
From: "Asterisks *" <[EMAIL PROTECTED]>
To: [email protected]
Subject: RE: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
Date: Wed, 09 May 2007 05:28:59 +0000
Hi George,
No they were not available previously.
These are the port scanner plugins available in the list:
Nessus SNMP scanner
Ping the remote host
scan for Labrea
exclude top level domain wildcard host
there is no *nes file in the plugin directory in the nessusd host. what er
these *nes files?
Can I add them in manually?
Thanks for your advice
--------------------------------------------------------------------------------------------------------
Subject: Re: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
From: "George A. Theall" <theall_at_tenablesecurity.com>
Date: Tue, 08 May 2007 20:44:06 -0400
References: <BAY127-F11F2D923C3F0361132438B8D440_at_phx.gbl>
Were these scanners available before you updated your plugins?
In NessusWX, when you group plugins by Family in the plugin list (F8),
what plugins if any are listed in "Port scanners"?
Do you have any files matching "*.nes" on the nessusd host in the plugins
directory? If not, you probably need to re-install Nessus on the server.
George
--
theall_at_tenablesecurity.com
From: "Asterisks *" <[EMAIL PROTECTED]>
To: [email protected]
Subject: Nessus :: Port scanners - tcp connect() & SYN scan MISSING
Date: Tue, 08 May 2007 04:15:47 +0000
Hi
I've read about Nessus built-in port scanner tcp connect() scan (plugin
10335) but after downloading the latest plugin from Nessus onto my
Nessusd server (restarted daemon service) and reconnecting with NessusWX,
I'm unable to locate this plugin in NessusWX.
SYN Scan (plugin 11219) is also not found.
Can anyone advise?
thanks,
Tony
_________________________________________________________________
PC Magazines 2007 editors choice for best Web mailaward-winning
Windows Live Hotmail.
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_pcmag_0507
_________________________________________________________________
Catch suspicious messages before you open themwith Windows Live Hotmail.
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_protection_0507
_________________________________________________________________
PC Magazines 2007 editors choice for best Web mailaward-winning Windows
Live Hotmail.
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_pcmag_0507
_________________________________________________________________
Make every IM count. Download Messenger and join the im Initiative now.
Its free. http://im.live.com/messenger/im/home/?source=TAGHM_MAY07
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
