Hiya George et al, The logs on the server show the user logging in, but show it immediately disconnected.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 06, 2008 12:00 PM To: [email protected] Subject: Nessus Digest, Vol 52, Issue 5 Send Nessus mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://mail.nessus.org/mailman/listinfo/nessus or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Nessus digest..." Today's Topics: 1. New Nessus Install question it was not possible to login using the supplied credentials (Edward Brookhouse) 2. Re: New Nessus Install question it was not possible to login using the supplied credentials (George A. Theall) 3. Nessus, sendmail/clamav and "mail bombing" (Doty, Timothy T.) 4. Re: Nessus, sendmail/clamav and "mail bombing" (George A. Theall) ---------------------------------------------------------------------- Message: 1 Date: Tue, 05 Feb 2008 11:14:39 -0500 From: "Edward Brookhouse" <[EMAIL PROTECTED]> Subject: New Nessus Install question it was not possible to login using the supplied credentials To: "[email protected]" <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" Hi all, I recently upgraded from an old version of Nessus running on a Fedora 6 server to the latest version on the website. It worked great for one scan, then the server I was on died (mobo problems) I moved the hard disks into another server, and even though the server is up and running nicely, I could not login to Nessus. From a Win client to the Nessus Server on a Linux box. The login would always fail saying the credentials can not be used to login. I presumed some sort of SSL key issue or other error - so I rpm -e the nessus package, then re-install... same error.... I remove the client, including registry entries and local directories ... same issue ... I remove the server package again, and switch to the cvs version, just to see ... same issue ... In the logs on the server, I see the username successfully logging in .. but the client seems certain it can not.. always the same error. Different users, same error .... Any thoughts appreciated ;) EB -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.nessus.org/pipermail/nessus/attachments/20080205/fce70bd0/attachment-0001.html ------------------------------ Message: 2 Date: Tue, 5 Feb 2008 15:37:33 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: New Nessus Install question it was not possible to login using the supplied credentials To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Feb 5, 2008, at 11:14 AM, Edward Brookhouse wrote: > I moved the hard disks into another server, and even though the > server is up and running nicely, I could not login to Nessus. From > a Win client to the Nessus Server on a Linux box. The login would > always fail saying the credentials can not be used to login. What do you see in nessusd.messages on the server side when you try to connect? Is nessusd running? Are you allowing connections to it through, say, iptables? George -- [EMAIL PROTECTED] ------------------------------ Message: 3 Date: Tue, 5 Feb 2008 17:21:34 -0600 From: "Doty, Timothy T." <[EMAIL PROTECTED]> Subject: Nessus, sendmail/clamav and "mail bombing" To: <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" We are getting complaints about "mailbombing" of our postmaster address with what appears to be email caused by a nasl. The gist of it is a bounce message: ---- The following recipient(s) could not be reached: [EMAIL PROTECTED] on 2/5/2008 2:52 PM The message cannot be delivered due to a configuration error on the server. Please contact your Administrator. < system.being.scanned #5.3.0 SMTP; 553 5.3.0 <[EMAIL PROTECTED]>... some.nessus.server is not a valid delivery host> ---- Is this a fault of the nasl? Meaning, is the nasl not performing as expected? Tim Doty Systems Security Analyst Missouri University of Science & Technology -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 7362 bytes Desc: not available Url : http://mail.nessus.org/pipermail/nessus/attachments/20080205/c2d817a1/attachment-0001.bin ------------------------------ Message: 4 Date: Tue, 5 Feb 2008 21:43:31 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Nessus, sendmail/clamav and "mail bombing" To: "Doty, Timothy T." <[EMAIL PROTECTED]> Cc: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Feb 5, 2008, at 6:21 PM, Doty, Timothy T. wrote: > We are getting complaints about "mailbombing" of our postmaster > address with > what appears to be email caused by a nasl. How many messages are you / they talking about? > [EMAIL PROTECTED] on > 2/5/2008 > 2:52 PM > The message cannot be delivered due to a configuration > error on > the server. Please contact your Administrator. > < system.being.scanned #5.3.0 SMTP; 553 5.3.0 > <[EMAIL PROTECTED]>... > some.nessus.server is not a valid delivery host> This is from a recent plugin, clamav_milter_blackhole_cmd_exec.nasl, which tries to send a message that will exploit a code execution flaw in clamav-milter. Apparently, the target mail system doesn't accept mail from some.nessus.server and is generating a bounce. Still, that should be just one message per scan. Isn't it? I did just commit a change to use any empty from address. MTAs should accept that as it's used for bounces. Look for revision 1.5 to become available in a couple of hours and let me know if that fixes the problem please. George -- [EMAIL PROTECTED] ------------------------------ _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus End of Nessus Digest, Vol 52, Issue 5 ************************************* _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
