Hello, I can confirm 3.2.1 for Windows is buggy.
What I did (using my laptop with 3.2.1 version): - scan a host (my website) -> Failed (Remote host dead) - reinstall Nessus 3.2.1 and repeat the test -> Failed again - uninstall 3.2.1 and install 3.2.0. Repeat the scan -> Succeded! - upgraded plug-ins (keeping 3.2.0) and repeat the scan -> Succeded! So it seems not a problem in plug-ins but in Nessus 3.2.1 (Windows). At the moment, my advice for windows users would be downgrading to 3.2.0. During the tests, I monitorized traffic with Wireshark: - remote host dead -> Nessus sent two SNMP probes ; and received two icmp responses, because snmp target port is closed. Nothing more. - alive -> Like the former one but then Nessus continued sending tcp packets! :-) Since Sergio had the same problem, I'm wondering if the problem is known and whether it is being reviewed. Regards, -Roman Roman Medina-Heigl Hernandez escribió: > Sergio, which Nessus version are you using? > > I have 3.2.0 (windows) on my desktop and in my case could solve the problem > by activating "icmp ping" (as sugested by George). This was possible > because the scanned host is responding to icmp echo (although it's got > closed all the ports used by "tcp ping"). > > I've got 3.2.1 (windows) on my laptop and it's not working at all against > the very same host. I thought it's a problem in my laptop, not Nessus'. But > if you confirm 3.2.0 worked for you but not 3.2.1... Please, could you > elaborate on that? Anyway, don't panic, I still think it could be some kind > of problem in my laptop (perhaps some antivirus module, etc.... although I > disabled Windows firewall and some antivirus services, and the problem > remains...). > > Cheers, > -Roman > > Sergio Castro escribió: >> I reported this exact same problem a few weeks ago. >> I was running the previous version of Nessus with no problems whatsoever. >> Then I updated to the latest version for Windows, and had this "remote host >> is dead" problem too. Nothing changed in my system, and I tried to scan the >> exact same hosts I was sucessfully scanning with the older version of >> Nessus. >> >> With the help of Ron Gula, I went through the same troubleshooting you are >> going through, with no results. I still can't scan hosts on the Internet, >> only LAN. >> >> Regards, >> >> Sergio >> >> -----Mensaje original----- >> De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> En nombre de Roman Medina-Heigl Hernandez >> Enviado el: Lunes, 23 de Junio de 2008 02:21 p.m. >> Para: [email protected] >> Asunto: Remote host dead? >> >> Hello, >> >> I'm trying to scan a host with the default policy. The host is alive and >> responding to pings. I got no results when scanning with Nessus 3.2.0 >> (Windows). Looking at scan.log (in he "logs" dir), I can see a "remote host >> is dead". But my question is why? If I run nmap against the host, I can see >> unprivileged ports open (>1024) and of course it's responding to ping. I >> also entered 1-65535 in "port scanner range". No luck at all. Am I missing >> something? Perhaps a bug in Nessus? >> >> Another question, how could I debug this? If I enable the option to "save a >> packet capture of the scan", I couldn't find any new log on logs dir (where >> should it be placed?) >> >> Log attached (IP stripped; I could provide it in private for >> testing/debugging purposes): >> [Mon Jun 23 20:56:43 2008][540] Use default port range [Mon Jun 23 20:56:48 >> 2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540] [Mon Jun 23 >> 20:56:48 2008][540] Scan X.X.X.X using 21942 plugins [Mon Jun 23 20:56:48 >> 2008][540] user localuser : launching clrtxt_proto_settings.nasl against >> X.X.X.X [1] [Mon Jun 23 20:56:48 2008][540] user localuser : launching >> dont_scan_settings.nasl against X.X.X.X [2] [Mon Jun 23 20:56:48 2008][540] >> user localuser : launching ssh_settings.nasl against X.X.X.X [3] [Mon Jun 23 >> 20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished its job >> against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 2008][540] >> dont_scan_settings.nasl (process 2) finished its job against X.X.X.X in >> 0.000 seconds [Mon Jun 23 20:56:48 2008][540] ssh_settings.nasl (process 3) >> finished its job against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 >> 2008][540] user localuser : launching snmp_settings.nasl against X.X.X.X [4] >> [Mon Jun 23 20:56:52 2008][540] snmp_settings.nasl (process 4) finished its >> job against X.X.X.X in 3.578 seconds [Mon Jun 23 20:56:52 2008][540] user >> localuser : launching ping_host.nasl against X.X.X.X [5] [Mon Jun 23 >> 20:56:54 2008][540] ping_host.nasl (process 5) finished its job against >> W.W.W.W in 2.921 seconds [Mon Jun 23 20:56:54 2008][540] user localuser : >> launching dont_scan_printers.nasl against X.X.X.X [6] [Mon Jun 23 20:56:54 >> 2008][540] The remote host (X.X.X.X) is dead [Mon Jun 23 20:56:54 2008][540] >> Finished testing X.X.X.X. Time : 6.718 secs, 6 plugins launched [Mon Jun 23 >> 20:56:54 2008][540] 1 hosts scanned >> > -- Saludos, -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
