I've been running nessus against systems on our network in a fairly stable state for almost a year now and am now experiencing problems the most obvious manifestation of which is the out of memory errors. Checking nessusd.dump shows messages like:
[26618] internal_send->select (4) timed out after 60 secs (overloaded CPU ?) [25645] internal_send->select (4) timed out after 60 secs (overloaded CPU ?) [25675] internal_send->select (4) timed out after 60 secs (overloaded CPU ?) [26455] internal_send->select (4) timed out after 60 secs (overloaded CPU ?) [4296] os_send(10) failed -- Broken pipe [4296] internal_recv_n(10): Error in the middle of a message : Broken pipe (type=262144) [26839] os_send(8) failed -- Broken pipe [26839] internal_recv_n(8): Error in the middle of a message : Broken pipe (type=262144) [4296] os_send(10) failed -- Broken pipe [4296] internal_recv_n(10): Error in the middle of a message : Broken pipe (type=262144) [9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.' [9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.' [9500](linpha_order_sql_injection.nasl:0x9dd) Unknown escape sequence '\.' Our server is a 3 GHz Xeon with 2GB of memory. As noted it has been running with the current configuration for nearly a year. Historically it has run with a load averaging out to around 5 with minimal CPU usage (the CPU is normally waiting on the network). Currently it quickly escalates until there are so many scan processes that it dies. Redhat enterprise 4 (I believe), nessus 3.0.3 (I haven't had time to deal with getting it upgraded). There isn't much else on the box -- it is dedicated to the task of network scanning. It does run nmap as well, but there is almost no overhead due to nmap. Everything is logged in oracle so there is the overhead of talking to our oracle server. I believe our server group recently applied security patches to the system, but I haven't seen any reference to such impacting nessus. We do use tarpits interspersed throughout our IP address space, but I was just able to verify that nessus is in fact skipping those (they are in an exclusion list). It does seem to be taking an inordinate amount of time (around 11 minutes each) scanning unused IP addresses. Any thoughts on what could be wrong or to check next? I do want to upgrade nessus, but will most likely have to wait until the semester is well under way to have any time for that. Tim Doty
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
