Sam/Albert,

First, I want to thank you for your valuable information. After disabling the Symantec Internet Security firewall on the host I was able to scan the two virtual machine instances that I had set up. However, as you have indicated, I was not able to even connect to the scan server on either virtual machine's instance, probably for the reasons that you've indicated, even though there is no firewall or anti-virus running on those instances. I had a feeling there was a conflict happening on port 1241 between the virtual instances and the host with the scan server.

Since I was able to scan the two VMs from the host I was able to obtain the information that I was looking for to allow me to proceed to the next step. I must also admit that this is my first time working with such a tool.

Thank you again for your assistance!

Joe

-------------- Original message --------------
From: Albert <[EMAIL PROTECTED]>

> Hi
>
> In my experience with similar scanners, the key to running a packet
> generating scanner from a (VMWARE) VM was to ensure that there was NO
> PACKET FILTERING firewall on the host NIC if you were using a virtual
> NIC to run the scan from. In fact a typical scan machine for mid-sized
> work was a Windows host with a Linux guest - the client being on
> Windows and the scanner being on Linux.
>
> Any firewall on the host NIC will affect the guest OS, reducing the
> significance of the scan to zero.
>
> On the other hand, I found it good practice to place the actual scan
> engine on a dedicated device in a remote network and access the scan
> machine remotely via BOTH VPN AND an encrypted client-server
> connection (SSH, SSL).
>
> However you had to be sure the device hosting the scan engine was
> locked down logically and physically to prevent tampering.
>
> 2008/5/19 Sam Stern :
> > Hi Joe,
> >
> > To be direct it does work, just not well if you make the wrong
> > architectural choices. To be more complete in my answer:
> >
> > Yes, you can use Nessus to scan or be hosted in any virtual machine you
> > want assuming the virtual machine has its own bridged IP (in my
> > experience it does not work if you try to use VMware NAT or VPC NAT).
> > That said, I find virtual machines tend to drop a lot of packets, esp.
> > under load and when not using the virtual machine's "extensions". So
> > hosting Nessus on the host system and scanning the bridged IP from the
> > host to the VM works the best. I find scanning the host from the
> > virtual machine is less effective. It's also more effective to have
> > your virtual machine on its own hard drive - using a different adapter
> > (or less effectively, a separate channel) from the drive that holds
> > the host OS.
> >
> > I find that VMware drops packets less than VPC 2004 (I've not used VPC
> > 2007 so I can't say if the virtual NIC code has gotten better or not).
> > In my experience, Nessus and virtual machines work the best when your
> > host system uses a professional grade dual or quad Intel or 3Com based
> > NIC (AVOID Adaptec, Broadcom and Realtek based NICs; they are cheap
> > for a reason) and assign the virtual machine a different physical port
> > on that NIC than the host uses; then scan over a professional quality
> > switch that is not set to firewall or filter any traffic (even
> > broadcast traffic). You can also link the two ports with a crossover
> > cable. Also, you need to completely disable the XP firewall by
> > stopping the "Firewall and ics" service - otherwise it will silently
> > drop certain forms of inbound traffic (regardless of your logging
> > options) - especially broadcast traffic. Lastly, make certain the
> > virtual machine is hosted fully in memory and is not swapped out to
> > the swap file.
> >
> > HTH
> >
> > Sam S.
> >
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > On Behalf Of [EMAIL PROTECTED]
> > Sent: Sunday, May 18, 2008 8:25 AM
> > To: [email protected]
> > Subject: Nessus and MS Virtual PC 2007
> >
> > Hello,
> >
> > Nobody has an answer to my question?
> >
> > -------------- Forwarded Message: --------------
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> > Subject: Nessus and MS Virtual PC 2007
> > Date: Fri, 16 May 2008 14:15:08 +0000
> >
> > Hello,
> >
> > Can Nessus 3.2 for Windows XP Pro be used on Microsoft Virtual PC 2007?
> >
> > After installing Nessus and trying to connect through the client I keep
> > receiving a message that no connection to the server can be made because
> > the IP and/or the port is incorrect. There is no anti-virus installed and
> > the firewall is turned off on the virtual machine instance.
> >
> > All defaults are used during the setup and plugins were updated.
> >
> > Thanks,
> >
> > Joe
> >
> > _______________________________________________
> > Nessus mailing list
> > [email protected]
> > http://mail.nessus.org/mailman/listinfo/nessus
