short answer: no

long answer: if you do the initial scan using nmap and import the results, yes. nmap has finer-grained control than the default tcp scanner and you can make it pretty stinking slow. You can also use the nmap plugin to put this seamlessly together, but IIRC, the plugin doesn't let you access quite all the switches that nmap can support (a bagillion, thanks Fyodor!)

longer answer yet: I asked this a couple of weeks ago, running into a similar problem. Mr. Arboi responded back with

> With Nessus3, you can limit the number of parallel TCP sessions. Apart
> from this, nothing changed for nessus_tcp_scanner between Nessus2 and
> Nessus3.
> The maximum parallelism is mainly computed from max_checks (what you
> called "Y"). safe_checks reduces it.
> max_checks is clamped down to 5 for this computation.
>
> Note that the maximum parallelism is only reached when you scan a
> firewalled machine.
>

So, the short of it is that there is not nearly as fine-grained control on the scanner as a couple of us would like. Mr. Arboi have discussed this before, and indeed, for most applications, the tcpscanner really does move very well, but the price you pay is that you lose the configurability and control. For my own work, the regular scanner is a good choice most of the time, but I really like having the power on occasion.

What I might suggest in the meantime is making sure your pix is not running in "debug mode", or tune your rules a bit. Last year I ran into pretty much this exact problem with running the scan against a particular cisco product that did virtual firewalls of a sort. Turned out I could bring the machine to its knees and DOS the thing with the scanner because it was trying to log like mad and pegged the poor cpu. Turned down the logging and it stopped DOSing it.

On Thu, Feb 28, 2008 at 5:05 PM, teknet8 <[EMAIL PROTECTED]> wrote:

> Hello
>
> Everything worked fine for me, but I wanted to scan all ports, so I
> changed it.
> And it works but....too fast.
>
> When I scan my whole network (16 networks, each class C) during network
> scanning hundreds of packets per second
> are being sent. My pix firewalls have 98% cpu.
> I scan maximum 10 hosts at the same time with maximum 10 tests.
>
> The problem is that I do not want to make fewer tests (fewer maximum
> hosts/fewer tests per host) because
> after phase of network scanning everything works fine (other plugins work
> fine without too much network overload). Can I in any way make network
> scanning slower ?
>
> Thanx
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>

--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
