I can confirm I got very similar results - Sergio
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On behalf of Roman Medina-Heigl Hernandez
Sent: Wednesday, June 25, 2008 03:21 p.m.
To: [email protected]
Subject: Re: Remote host dead?

Hello,

I can confirm 3.2.1 for Windows is buggy. What I did (using my laptop with 3.2.1 version):
- scan a host (my website) -> Failed (Remote host dead)
- reinstall Nessus 3.2.1 and repeat the test -> Failed again
- uninstall 3.2.1 and install 3.2.0. Repeat the scan -> Succeeded!
- upgraded plug-ins (keeping 3.2.0) and repeat the scan -> Succeeded!

So it seems not a problem in plug-ins but in Nessus 3.2.1 (Windows). At the moment, my advice for windows users would be downgrading to 3.2.0.

During the tests, I monitored traffic with Wireshark:
- remote host dead -> Nessus sent two SNMP probes; and received two icmp responses, because snmp target port is closed. Nothing more.
- alive -> Like the former one but then Nessus continued sending tcp packets! :-)

Since Sergio had the same problem, I'm wondering if the problem is known and whether it is being reviewed.

Regards,
-Roman

Roman Medina-Heigl Hernandez wrote:
> Sergio, which Nessus version are you using?
>
> I have 3.2.0 (windows) on my desktop and in my case could solve the
> problem by activating "icmp ping" (as suggested by George). This was
> possible because the scanned host is responding to icmp echo (although
> it's got closed all the ports used by "tcp ping").
>
> I've got 3.2.1 (windows) on my laptop and it's not working at all
> against the very same host. I thought it's a problem in my laptop, not
> Nessus'. But if you confirm 3.2.0 worked for you but not 3.2.1...
> Please, could you elaborate on that? Anyway, don't panic, I still
> think it could be some kind of problem in my laptop (perhaps some
> antivirus module, etc.... although I disabled Windows firewall and
> some antivirus services, and the problem remains...).
>
> Cheers,
> -Roman
>
> Sergio Castro wrote:
>> I reported this exact same problem a few weeks ago.
>> I was running the previous version of Nessus with no problems whatsoever.
>> Then I updated to the latest version for Windows, and had this
>> "remote host is dead" problem too. Nothing changed in my system, and
>> I tried to scan the exact same hosts I was successfully scanning with
>> the older version of Nessus.
>>
>> With the help of Ron Gula, I went through the same troubleshooting
>> you are going through, with no results. I still can't scan hosts on
>> the Internet, only LAN.
>>
>> Regards,
>>
>> Sergio
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
>> On behalf of Roman Medina-Heigl Hernandez
>> Sent: Monday, June 23, 2008 02:21 p.m.
>> To: [email protected]
>> Subject: Remote host dead?
>>
>> Hello,
>>
>> I'm trying to scan a host with the default policy. The host is alive
>> and responding to pings. I got no results when scanning with Nessus
>> 3.2.0 (Windows). Looking at scan.log (in the "logs" dir), I can see a
>> "remote host is dead". But my question is why? If I run nmap against
>> the host, I can see unprivileged ports open (>1024) and of course
>> it's responding to ping. I also entered 1-65535 in "port scanner
>> range". No luck at all. Am I missing something? Perhaps a bug in Nessus?
>>
>> Another question, how could I debug this? If I enable the option to
>> "save a packet capture of the scan", I couldn't find any new log on
>> logs dir (where should it be placed?)
>>
>> Log attached (IP stripped; I could provide it in private for
>> testing/debugging purposes):
>> [Mon Jun 23 20:56:43 2008][540] Use default port range
>> [Mon Jun 23 20:56:48 2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540]
>> [Mon Jun 23 20:56:48 2008][540] Scan X.X.X.X using 21942 plugins
>> [Mon Jun 23 20:56:48 2008][540] user localuser : launching clrtxt_proto_settings.nasl against X.X.X.X [1]
>> [Mon Jun 23 20:56:48 2008][540] user localuser : launching dont_scan_settings.nasl against X.X.X.X [2]
>> [Mon Jun 23 20:56:48 2008][540] user localuser : launching ssh_settings.nasl against X.X.X.X [3]
>> [Mon Jun 23 20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished its job against X.X.X.X in 0.000 seconds
>> [Mon Jun 23 20:56:48 2008][540] dont_scan_settings.nasl (process 2) finished its job against X.X.X.X in 0.000 seconds
>> [Mon Jun 23 20:56:48 2008][540] ssh_settings.nasl (process 3) finished its job against X.X.X.X in 0.000 seconds
>> [Mon Jun 23 20:56:48 2008][540] user localuser : launching snmp_settings.nasl against X.X.X.X [4]
>> [Mon Jun 23 20:56:52 2008][540] snmp_settings.nasl (process 4) finished its job against X.X.X.X in 3.578 seconds
>> [Mon Jun 23 20:56:52 2008][540] user localuser : launching ping_host.nasl against X.X.X.X [5]
>> [Mon Jun 23 20:56:54 2008][540] ping_host.nasl (process 5) finished its job against W.W.W.W in 2.921 seconds
>> [Mon Jun 23 20:56:54 2008][540] user localuser : launching dont_scan_printers.nasl against X.X.X.X [6]
>> [Mon Jun 23 20:56:54 2008][540] The remote host (X.X.X.X) is dead
>> [Mon Jun 23 20:56:54 2008][540] Finished testing X.X.X.X. Time : 6.718 secs, 6 plugins launched
>> [Mon Jun 23 20:56:54 2008][540] 1 hosts scanned
>>
>

--
Regards,
-Roman

PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
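
An added example, not part of the original thread or of Nessus: a small parser for the scan.log format quoted above that reports, for each host declared dead, which plugins had already finished against it, so the last one to run can be checked first. The sample log is constructed (192.0.2.10 is a placeholder address), and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the scan.log format quoted in the thread, wrapped and
# ">>"-quoted the way a mail client leaves it. 192.0.2.10 is a placeholder.
SAMPLE = """\
>> [Mon Jun 23 20:56:48 2008][540] user localuser : launching
>> snmp_settings.nasl against 192.0.2.10 [4] [Mon Jun 23 20:56:52
>> 2008][540] snmp_settings.nasl (process 4) finished its job against
>> 192.0.2.10 in 3.578 seconds [Mon Jun 23 20:56:52 2008][540] user
>> localuser : launching ping_host.nasl against 192.0.2.10 [5] [Mon Jun 23
>> 20:56:54 2008][540] ping_host.nasl (process 5) finished its job
>> against 192.0.2.10 in 2.921 seconds [Mon Jun 23 20:56:54 2008][540]
>> The remote host (192.0.2.10) is dead
"""

PREFIX = re.compile(r"\[(\w{3} \w{3} \d+ \d\d:\d\d:\d\d \d{4})\]\[(\d+)\] ")
FINISHED = re.compile(
    r"(\S+\.nasl) \(process \d+\) finished its job against (\S+) in ([\d.]+) seconds")
DEAD = re.compile(r"The remote host \(([^)\s]+)\) is dead")

def entries(text):
    """Yield (timestamp, pid, message) per log entry. Entries are split on the
    [date][pid] prefix rather than on newlines, so wrapped or quoted logs work."""
    unquoted = re.sub(r"^[ \t]*(?:>[ \t]*)+", "", text, flags=re.M)
    flat = " ".join(unquoted.split())  # also collapses ctime's padded day field
    marks = list(PREFIX.finditer(flat))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(flat)
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        yield when, int(m.group(2)), flat[m.end():end].strip()

def dead_hosts(text):
    """Map each host declared dead to the verdict time and the plugins that had
    finished against it by then, in order, as (plugin, seconds) pairs."""
    finished, report = {}, {}
    for when, _pid, msg in entries(text):
        done = FINISHED.search(msg)
        if done:
            finished.setdefault(done.group(2), []).append(
                (done.group(1), float(done.group(3))))
        dead = DEAD.search(msg)
        if dead:
            host = dead.group(1)
            report[host] = {"declared_at": when,
                            "finished_before": list(finished.get(host, []))}
    return report
```

On a multi-host scan.log, comparing `finished_before` for a dead host with the same list from a working installation shows where the two runs diverge.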
