Sergio, which Nessus version are you using? I have 3.2.0 (windows) on my desktop and in my case could solve the problem by activating "icmp ping" (as sugested by George). This was possible because the scanned host is responding to icmp echo (although it's got closed all the ports used by "tcp ping").
I've got 3.2.1 (windows) on my laptop and it's not working at all against the very same host. I thought it's a problem in my laptop, not Nessus'. But if you confirm 3.2.0 worked for you but not 3.2.1... Please, could you elaborate on that? Anyway, don't panic, I still think it could be some kind of problem in my laptop (perhaps some antivirus module, etc.... although I disabled Windows firewall and some antivirus services, and the problem remains...). Cheers, -Roman Sergio Castro escribió: > I reported this exact same problem a few weeks ago. > I was running the previous version of Nessus with no problems whatsoever. > Then I updated to the latest version for Windows, and had this "remote host > is dead" problem too. Nothing changed in my system, and I tried to scan the > exact same hosts I was sucessfully scanning with the older version of > Nessus. > > With the help of Ron Gula, I went through the same troubleshooting you are > going through, with no results. I still can't scan hosts on the Internet, > only LAN. > > Regards, > > Sergio > > -----Mensaje original----- > De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > En nombre de Roman Medina-Heigl Hernandez > Enviado el: Lunes, 23 de Junio de 2008 02:21 p.m. > Para: [email protected] > Asunto: Remote host dead? > > Hello, > > I'm trying to scan a host with the default policy. The host is alive and > responding to pings. I got no results when scanning with Nessus 3.2.0 > (Windows). Looking at scan.log (in he "logs" dir), I can see a "remote host > is dead". But my question is why? If I run nmap against the host, I can see > unprivileged ports open (>1024) and of course it's responding to ping. I > also entered 1-65535 in "port scanner range". No luck at all. Am I missing > something? Perhaps a bug in Nessus? > > Another question, how could I debug this? If I enable the option to "save a > packet capture of the scan", I couldn't find any new log on logs dir (where > should it be placed?) > > Log attached (IP stripped; I could provide it in private for > testing/debugging purposes): > [Mon Jun 23 20:56:43 2008][540] Use default port range [Mon Jun 23 20:56:48 > 2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540] [Mon Jun 23 > 20:56:48 2008][540] Scan X.X.X.X using 21942 plugins [Mon Jun 23 20:56:48 > 2008][540] user localuser : launching clrtxt_proto_settings.nasl against > X.X.X.X [1] [Mon Jun 23 20:56:48 2008][540] user localuser : launching > dont_scan_settings.nasl against X.X.X.X [2] [Mon Jun 23 20:56:48 2008][540] > user localuser : launching ssh_settings.nasl against X.X.X.X [3] [Mon Jun 23 > 20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished its job > against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 2008][540] > dont_scan_settings.nasl (process 2) finished its job against X.X.X.X in > 0.000 seconds [Mon Jun 23 20:56:48 2008][540] ssh_settings.nasl (process 3) > finished its job against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 > 2008][540] user localuser : launching snmp_settings.nasl against X.X.X.X [4] > [Mon Jun 23 20:56:52 2008][540] snmp_settings.nasl (process 4) finished its > job against X.X.X.X in 3.578 seconds [Mon Jun 23 20:56:52 2008][540] user > localuser : launching ping_host.nasl against X.X.X.X [5] [Mon Jun 23 > 20:56:54 2008][540] ping_host.nasl (process 5) finished its job against > W.W.W.W in 2.921 seconds [Mon Jun 23 20:56:54 2008][540] user localuser : > launching dont_scan_printers.nasl against X.X.X.X [6] [Mon Jun 23 20:56:54 > 2008][540] The remote host (X.X.X.X) is dead [Mon Jun 23 20:56:54 2008][540] > Finished testing X.X.X.X. Time : 6.718 secs, 6 plugins launched [Mon Jun 23 > 20:56:54 2008][540] 1 hosts scanned > -- Saludos, -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
