That is definitely on my list of things to do and I'll catch up on the release notes now. I'm actually itching for 3.1, but it is still in beta. I do wonder about it not being a problem until about 10 days ago though.
Tim Doty -----Original Message----- From: Ron Gula [mailto:[EMAIL PROTECTED] Sent: Friday, August 10, 2007 11:37 AM To: Doty, Timothy T. Cc: [email protected] Subject: Re: Nessus out of memory/server crash Hi Tim, I suggest upgrading to 3.0.6. There were several known memory issues fixed in this release, as well as in 3.0.4 and 3.0.5. You can read release notes in the news section here: http://www.nessus.org/news/ Glad to see you are using tarpits. I think honeypots and generally trying to deceive an attacker with fake hosts (as compared to trying to masquerade real hosts) is a good thing. http://blog.tenablesecurity.com/2006/09/using_honeypots.html Ron Gula, CTO Tenable Network Security Doty, Timothy T. wrote: > I've been running nessus against systems on our network in a fairly > stable state for almost a year now and am now experiencing problems > the most obvious manifestation of which is the out of memory errors. > Checking nessusd.dump shows messages like: > > [26618] internal_send->select (4) timed out after 60 secs (overloaded > CPU ?) [25645] internal_send->select (4) timed out after 60 secs > (overloaded CPU ?) [25675] internal_send->select (4) timed out after > 60 secs (overloaded CPU ?) [26455] internal_send->select (4) timed out > after 60 secs (overloaded CPU ?) [4296] os_send(10) failed -- Broken > pipe [4296] internal_recv_n(10): Error in the middle of a message : > Broken pipe > (type=262144) > [26839] os_send(8) failed -- Broken pipe [26839] internal_recv_n(8): > Error in the middle of a message : Broken pipe > (type=262144) > [4296] os_send(10) failed -- Broken pipe [4296] internal_recv_n(10): > Error in the middle of a message : Broken pipe > (type=262144) > [9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.' > [9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.' > [9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.' > > Our server is a 3 GHz Xeon with 2GB of memory. As noted it has been > running with the current configuration for nearly a year. Historically > it has run with a load averaging out to around 5 with minimal CPU > usage (the CPU is normally waiting on the network). Currently it > quickly escalates until there are so many scan processes that it dies. > > Redhat enterprise 4 (I believe), nessus 3.0.3 (I haven't had time to > deal with getting it upgraded). There isn't much else on the box -- it > is dedicated to the task of network scanning. It does run nmap as > well, but there is almost no overhead due to nmap. Everything is > logged in oracle so there is the overhead of talking to our oracle server. > > I believe our server group recently applied security patches to the > system, but I haven't seen any reference to such impacting nessus. > > We do use tarpits interspersed throughout our IP address space, but I > was just able to verify that nessus is in fact skipping those (they > are in an exclusion list). It does seem to be taking an inordinate > amount of time (around 11 minutes each) scanning unused IP addresses. > > Any thoughts on what could be wrong or to check next? > > I do want to upgrade nessus, but will most likely have to wait until > the semester is well under way to have any time for that. > > Tim Doty > > > ---------------------------------------------------------------------- > -- > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
