It does sound rather slow to me as well. But often slow = accuracy. There have been many efforts to make Nessus more accurate even when there are points between the scanner and the scanning targets that break IP RFC's (most proxies, firewalls, load balancers). I would consider breaking the scan into two scans. The first scan determines if a host is active or not, then using the smaller list of hosts that are reported active, run more detailed scans so that the scanner only has to re-inspect a smaller subset of hosts. This may speed up scan times but it will result in more work for you.
Beware, the same devices/software between the targets and scanner can cause the scanner to miss the target entirely when scanning fewer ports so make sure you add some known application ports that are not well known ports that proxy type devices tend to work directly with (or against, depending on your opinion). You have to work at finding a scan combination (TCP vs ICMP ping, treat unscanned ports as not dead, etc) before you find a way around the devices. To clarify to yourself, consider scanning some targets directly from the local network segment and see the accuracy and speed potential, then revert to scanning over links with devices that interrupt the scan flow and look at the results. Change your scan according to what you believe is happening. Or in summary, be pleased with the accuracy the slow scan is providing and since you believe it to be fast, be doubly pleased. Regards, -- Dan Dan Bowman Director ITS & Managed Services Tenable Network Security http://www.tenablesecurity.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Taras Ivashchenko Sent: Sunday, May 11, 2008 02:27 To: [email protected] Subject: Is it normal? Hello, everybody! Is it normal that Nessus (3.2.0) with full port range had scanned 70 hosts (among them 30 hosts are alive) for about 5 hours? It's really short time... -- Тарас Иващенко (Taras Ivashchenko) ---- "Software is like sex: it's better when it's free." - Linus Torvalds _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
