Message: 5 Date: Wed, 19 Sep 2007 13:40:41 -0400 >From: "George A. Theall" <[EMAIL PROTECTED]> >Subject: Re: Nessus Digest, Vol 47, Issue 13 >To: [email protected] >Message-ID: <[EMAIL PROTECTED]> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>On 09/19/07 13:12, Joel Elwell wrote: >> I noted that the plugin "find_service.nasl" in version 3.0.3, indicates it's >> meant to replace the >> "find_service.nes". Which is actually running in my case? One or both? >find_service.nasl will replace the C-language plugin starting in Nessus 3.2. Thanks for the clarification. >> For additional background info: The DoS target is a presentation layer >> "service" providing SQL database >> info from the back end to the application running in a browser session. Runs >> on Windows Server 2003 and IIS. >When you're running your scans and seeing CPU usage spike, you're >enabling just #10330 for service detection, right? That is correct. The only plugin enabled is #10330 >Is the target remote? Yes, the target is remote. >What services are listening remotely? Which processes are using most of >the CPU when the DoS occurs? I'll have to run another scan, and watch all the services as the scan leads up to the DoS, however the proprietary app (can't name it, sorry) is what pegs the CPU at 99%. Here's the services/ports based on NMAP scan. 80/tcp open http 135/tcp open msrpc 139/tcp open netbios-ssn 427/tcp open svrloc 443/tcp open https 445/tcp open microsoft-ds 1029/tcp open ms-lsa 1031/tcp open iad2 2105/tcp open eklogin 3389/tcp open ms-term-serv 123/udp open|filtered ntp 137/udp open|filtered netbios-ns 138/udp open|filtered netbios-dgm 161/udp open|filtered snmp 427/udp open|filtered svrloc 445/udp open|filtered microsoft-ds 500/udp open|filtered isakmp 1025/udp open|filtered blackjack 1028/udp open|filtered ms-lsa 1030/udp open|filtered iad1 4500/udp open|filtered sae-urn >George >-- >[EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
