On 8/9/07, Richard van den Berg <[EMAIL PROTECTED]> wrote: > > I'm running nessus 3.0.5 on Debian 4.0 with a 2.6.18 kernel. The > hardware is a Pentium 4M 2.2 GHz with 1GB of RAM. I'm using nessj on > another system to connect to this nessus scan engine. > > max_checks and max_hosts are both set to 2.
this will make scanning even one machine pretty slow. 2 checks at a time :) I've enabled all plugins > except DoS and safe_checks are off. I use nmap for port scanning, and > the results are loaded from a gnmap file. while totally unscientific (otherwise known as in my experience), I've seen nmap run via nessus be more resource intensive than the built in tcp scanner. Understandable too, because nmap is super-fatanstic-swiss-army-knife-of-network-awesomeness. It can be a bit overkill for "generic" scanning though :) Occasionally the scanning system becomes very unresponsive, system load > shoots up to around 10 and the CPU is at 0% idle. Today is especially > bad with the system spending hours with continuously 60% of CPU time > spent on "system" with peaks of 80%. If I "kill -STOP" the nessus > processes, the system goes back to 99% idle. Only 800MB of RAM is used, > and no swapping occurs. It's not uncommon for me to see my system load during a scan be over 30. During parts of my scan (I have not actually sat down and figured out if it was the port scan or the vuln checks). My scanning system also can get pretty beat up by this, but it's an older box. This causes nessus to take hours to scan a single host with only a few > open ports. Tcpdump shows that the hosts are still being scanned, but at > a very slow rate. does the host have any countermeasures on it? firewall with drop rules or IPS? A very slow rate in my experience usually points to it not getting responses back from the host. Try tailing (tail -f) your nessusd.messages and nessusd.dump files and see what portion of the scan it's at. You can also figure out some of this with an ps -efwww What could be the reason that my system is spending so much time on > kernel processes? Is there any tuning I can do to prevent this from > happening? > Sincerely, > > Richard van den Berg > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > -- Doug Nordwall Unix, Network, and Security Administrator You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
