On 10/5/07, Kevin Mc Grath <[EMAIL PROTECTED]> wrote: > Performing a scan on a device. During the scan the device enters an > error state, and the device is unreachable (ICMP Ping Monitor used to > check device availability). But Nessus fails to see this and "appears" > to continue scanning forever (must manually terminate the scan). > Nessus has subjected the device to something serious, but the > incomplete report indicates no security holes at this point. Is there > an alternative way to pinpoint the exact plugin that caused this > fault.
If the uptime monitoring system and the machine where Nessus is running (nessusd specifically if you've split client & server) have accurate system clocks, you may be able to work back through the dump file. Take the time stamp of the first system down alert for the device, and then open the nessusd.dump file and find that time stamp. If you have several instances, compare them all, as Nessus will have probably run several tests during that time frame. That will at least give you a short list of tests that might have knocked your device over, and then you can disable those and try the scan again. If you have to know exactly which one, re-enable the suspect tests one at a time until the device fails. PaulM _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
