This is what I did tail -f /opt/nessus/var/nessus/logs/nessusd.messages Spotted that the plugin 18257 (http://www.nessus.org/plugins/index.php?view=single&id=18257) might be problematic for this device. Re-ran the scan without this plugin and thankfully the scan ran to completion without entering the error state I spoke of. (Note that max_checks is set to 1)
However when the device is scanned only with this plugin ID (i.e. 18257) the device operates perfectly. Does this plugin ID have dependencies? I would appreciate your help on this. Regards Kevin On 10/5/07, Tucker, Brock - St. Louis, MO <[EMAIL PROTECTED]> wrote: > If you're running the scan from a command line, can't you specify the -V > flag to see the attacks as they happen. This way, where it stops should > be the plugin that caused the issue. > > Brock Tucker > ITS-OSB > 314-335-8626 > [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Mc Grath > Sent: Friday, October 05, 2007 6:35 AM > To: George A. Theall > Cc: [email protected] > Subject: Re: debugging problems with Nessus > > On 10/5/07, George A. Theall <[EMAIL PROTECTED]> wrote: > > On 10/05/07 06:51, Kevin Mc Grath wrote: > > > > > Performing a scan on a device. During the scan the device enters an > > > error state, and the device is unreachable (ICMP Ping Monitor used > to > > > check device availability). But Nessus fails to see this and > "appears" > > > to continue scanning forever (must manually terminate the scan). > > > Nessus has subjected the device to something serious, but the > > > incomplete report indicates no security holes at this point. Is > there > > > an alternative way to pinpoint the exact plugin that caused this > > > fault. > > > > Are you able to attach a console to the device and monitor a log while > > the scan occurs? Are can you configure it to log events remotely to > > another system and ensure its clock is accurate? > > > > How have you configured the Nessus scan; eg, what are you scanning and > > have you enabled thorough tests? > > > > George > > -- > > [EMAIL PROTECTED] > > _______________________________________________ > > Nessus mailing list > > [email protected] > > http://mail.nessus.org/mailman/listinfo/nessus > > > Nothing has been logged in the nessusd.dump file since last month. The > Nessus policy that the device is subjected to is simple. The policy is > the default Nessus scan policy with "safe checks" disabled. So this > infers that the device is susceptible to some DoS type of attack and > most probably that some memory pool has been saturated which explains > the error state. > > FYI, I had to manually sync the times. > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
