Ahh, now I understand your situation a little better.

The missed ports sound like a timeout setting. Are you using Nmap?

If you scan everything and leave it all at defaults -- yes, it will
take forever and produce false positives.  Also, you should be
questioning and scrutinizing the Nessus results for false positives.

I have found the following works well:
- Focus & tailor your scans. Scanning everything takes forever. What's
the scope of your security report?
- Don't scan across network boundaries. Nessus generates a lot of
traffic, and if you send it to routers, switches, IDSs, firewalls,
etc., you will discover they will do exactly what they are supposed
to do. Might even slow to a crawl or crash and cause an outage in the
process.
- Adjust the # of hosts and the # of scans settings.

Hope this helps.

There is a cool Cisco Press book (I think it was Cisco?) that I read
once that had a chapter on Nessus and how to performance tune it.
Check the Cisco site.



On Dec 12, 2007 3:34 PM, Steve Templists <[EMAIL PROTECTED]> wrote:
> Thanks for the reply.
>
> Yes I am running it on one machine.  I understand the desire to distribute
> the load, but as a consultant it would be a burden to have to lug around two
> machines just to run a scan.  As it is we have to use one box for some of
> our Windows based tools and one for linux.  Anyone else run into this?
>
>
>
>
> On Dec 12, 2007 3:26 PM, darko g <[EMAIL PROTECTED]> wrote:
>
> > What's your setup? Just one machine as a scanner & client? Not gonna
> > cut it. You need to distribute it.
> >
> >
> >
> >
> >
> > On Dec 12, 2007 2:52 PM, Steve Templists <[EMAIL PROTECTED]> wrote:
> > > I've been a nessus user for years, but I have been getting horrible results
> > > recently when scanning more than one host at a time.
> > >
> > > When scanning multiple hosts, the scanner will completely miss open ports,
> > > or it will see the port as open during the port scan, but then report that
> > > the port "was open but is now closed".  I have had this problem on numerous
> > > installations recently, all using the latest rpm for suse 10 and the latest
> > > nessus-client version.  The scans I am performing are using the default scan
> > > policy, the default port range, and the default scan options.
> > >
> > > If I scan one host at a time I get "more reliable" results.  Although I'm
> > > questioning any results I get.  And scanning a class C is very time
> > > consuming when starting one host at a time.
> > >
> > > Not sure if anyone else has had issues and/or has any ideas.
> > >
> > > Oh, and my hardware is new too so I don't think it's a processor/memory
> > > problem.
> > >
> > > Thanks for any feedback.  I sure hope I'm missing something easy.
> > > _______________________________________________
> > > Nessus mailing list
> > > [email protected]
> > > http://mail.nessus.org/mailman/listinfo/nessus
> > >
> >
> >
> >
> > --
> > cheers,
> > dg
> >
>
>
>



-- 
cheers,
dg