I am running some test scans against an XP SP2 host. The firewall on this host is enabled, only allowing 4 ports and ICMP ping through. I am running a scan against it using the Nessus Client for Linux, with "Ping the remote host" and "Nessus TCP scanner" being the port scanner options enabled and the "Port range" field empty. I'm finding that when I run a scan, after it gets through the "Portscan" phase and into the "Checks" phase, it is still trying to make a large number of connections to the filtered ports and taking a very long time to run. However, if I set it to "Consider unscanned ports as closed", the "Checks" phase progresses much faster and it does not try to make as many connections to filtered ports.
Is there a good way to make the "Checks" phase run plugins against only ports that were found to be open in the "Portscan" phase? -Will _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
