All: >From a Nessus 3.0.6 Direct Feed installation on SuSE 10.2, I ran scans against a subnet that included Cisco IP conference stations (Model 7936) and Cisco IP Phones (Model 7961).
Pertinent settings: Port Range: 1-65535; Optimize test: Disabled; Safe Checks: Enabled; Port Scanners: Ping remote host & Nessus TCP scanner; Plugins: all local checks disabled; CGI scanning enabled (with default cgi locations specified); performing only a TCP ping (no ARP or ICMP). The result was the the phones all rebooted within the first few seconds of being scanned and remained inop until the scan had completed. They finished rebooting and none appear the worse for wear. I opened a ticket with Cisco, collected Ethereal packet traces for one phone and one conference station and sent them, along with the Nessus output files, to Cisco Tech Support. Cisco's reply: Nessus is running checks for known Cisco problems (Duh!). We (Cisco) "need to know the specific packet that's causing the phones to reboot so we can determine if it's a known problem or a new one"! Yes, my support contract dollars at work (with me doing the work!). Sorry, frustration exceeding maximum limits! Has anyone had any similar experience (with the phones, not with Cisco Tech support!) and figued out which check or checks may be causing the reboot so that I can disable those specific checks? Can I assume that Nessus runs the checks in the order listed in the .nessusrc file? Since the phones reboot in the first few seconds, whatever's causing the problem should be near the top of the list, right? Thanks in advance. Larry "There is no security on this earth, there is only opportunity." - General Douglas MacArthur (1880 - 1964)
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
