I was curious as to the results of using or not using the following: Safe 
Checks, Paranoid, and "default" vs "1-65535" port range for scanning. 
Against 2 servers, I had the following results, against Windows servers, 
with a Windows Nessus 3.06 installation, registered plugins, updated today

With the presumption that a Paranoid, Safe Checks OFF scan would produce 
more data, I ran this test against 2 servers, once with default ports, one 
with 1-65535

Test 1: Paranoid ON, Safe Checks OFF, Default VS 1-65535
Result:  More ports were found open in the full port range scan vs 
default: to be expected.  No additional vulnerabilities were reported, 
however, so the additional port range *in this case* only increased scan 
time, without providing useful information. 

Test 2: Ports 1-65535, Safe Checks OFF: Paranoid vs Normal (Not paranoid)
Paranoid resulted in a false positive WinSyslog (Plugin ID 11884) 
identification, and a false positive related to a Cisco Switch 
vulnerability (10682).  Interestingly, the Normal test showed a false 
positive that Paranoid did not have, related to CON/AUX in http servers 
(10930).  All except the Syslog were related to HP Insight Manager ports. 
Results were the same on both machines.

Test 3: Ports 1-65535, Not Paranoid, Safe vs. Not Safe:
The reports were identical, except, similar to above, Safe Checks OFF 
showed a false positive that Safe Checks ON did not have, related to 
CON/AUX in http servers (10930).

So, in my case: Safe Checks, Normal produced the most reliable results. 
Default vs 1-65535 simply increased the scan time, but did not provide 
additional useful information -- though it's highly conceivable it might 
on different systems.

Event logs were checked and no reboots, system crashes, application hangs, 
or other problems were identified during any of the testing.

Would be interested in hearing results of similar testing by others.

Thanks,
Mike


<<image/gif>>

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to