What kind of network interface are you scanning thru ? (ethernet,
wireless, etc...)
Thanks,
-- Renaud
On Jun 26, 2008, at 6:51 AM, Sergio Castro wrote:
> I can confirm I got very similar results
>
> - Sergio
>
> -----Mensaje original-----
> De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> ]
> En nombre de Roman Medina-Heigl Hernandez
> Enviado el: Miércoles, 25 de Junio de 2008 03:21 p.m.
> Para: [email protected]
> Asunto: Re: Remote host dead?
>
> Hello,
>
> I can confirm 3.2.1 for Windows is buggy.
>
> What I did (using my laptop with 3.2.1 version):
> - scan a host (my website) -> Failed (Remote host dead)
> - reinstall Nessus 3.2.1 and repeat the test -> Failed again
> - uninstall 3.2.1 and install 3.2.0. Repeat the scan -> Succeded!
> - upgraded plug-ins (keeping 3.2.0) and repeat the scan -> Succeded!
>
> So it seems not a problem in plug-ins but in Nessus 3.2.1 (Windows).
> At the
> moment, my advice for windows users would be downgrading to 3.2.0.
>
> During the tests, I monitorized traffic with Wireshark:
> - remote host dead -> Nessus sent two SNMP probes ; and received two
> icmp
> responses, because snmp target port is closed. Nothing more.
> - alive -> Like the former one but then Nessus continued sending tcp
> packets! :-)
>
> Since Sergio had the same problem, I'm wondering if the problem is
> known and
> whether it is being reviewed.
>
> Regards,
> -Roman
>
> Roman Medina-Heigl Hernandez escribió:
>> Sergio, which Nessus version are you using?
>>
>> I have 3.2.0 (windows) on my desktop and in my case could solve the
>> problem by activating "icmp ping" (as sugested by George). This was
>> possible because the scanned host is responding to icmp echo
>> (although
>> it's got closed all the ports used by "tcp ping").
>>
>> I've got 3.2.1 (windows) on my laptop and it's not working at all
>> against the very same host. I thought it's a problem in my laptop,
>> not
>> Nessus'. But if you confirm 3.2.0 worked for you but not 3.2.1...
>> Please, could you elaborate on that? Anyway, don't panic, I still
>> think it could be some kind of problem in my laptop (perhaps some
>> antivirus module, etc.... although I disabled Windows firewall and
>> some antivirus services, and the problem remains...).
>>
>> Cheers,
>> -Roman
>>
>> Sergio Castro escribió:
>>> I reported this exact same problem a few weeks ago.
>>> I was running the previous version of Nessus with no problems
>>> whatsoever.
>>> Then I updated to the latest version for Windows, and had this
>>> "remote host is dead" problem too. Nothing changed in my system, and
>>> I tried to scan the exact same hosts I was sucessfully scanning with
>>> the older version of Nessus.
>>>
>>> With the help of Ron Gula, I went through the same troubleshooting
>>> you are going through, with no results. I still can't scan hosts on
>>> the Internet, only LAN.
>>>
>>> Regards,
>>>
>>> Sergio
>>>
>>> -----Mensaje original-----
>>> De: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED]
>>> En nombre de Roman Medina-Heigl Hernandez Enviado el: Lunes, 23 de
>>> Junio de 2008 02:21 p.m.
>>> Para: [email protected]
>>> Asunto: Remote host dead?
>>>
>>> Hello,
>>>
>>> I'm trying to scan a host with the default policy. The host is alive
>>> and responding to pings. I got no results when scanning with Nessus
>>> 3.2.0 (Windows). Looking at scan.log (in he "logs" dir), I can see a
>>> "remote host is dead". But my question is why? If I run nmap against
>>> the host, I can see unprivileged ports open (>1024) and of course
>>> it's responding to ping. I also entered 1-65535 in "port scanner
>>> range". No luck at all. Am I missing something? Perhaps a bug in
>>> Nessus?
>>>
>>> Another question, how could I debug this? If I enable the option to
>>> "save a packet capture of the scan", I couldn't find any new log on
>>> logs dir (where should it be placed?)
>>>
>>> Log attached (IP stripped; I could provide it in private for
>>> testing/debugging purposes):
>>> [Mon Jun 23 20:56:43 2008][540] Use default port range [Mon Jun 23
>>> 20:56:48 2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540]
>>> [Mon Jun 23
>>> 20:56:48 2008][540] Scan X.X.X.X using 21942 plugins [Mon Jun 23
>>> 20:56:48 2008][540] user localuser : launching
>>> clrtxt_proto_settings.nasl against X.X.X.X [1] [Mon Jun 23 20:56:48
>>> 2008][540] user localuser : launching dont_scan_settings.nasl
>>> against
>>> X.X.X.X [2] [Mon Jun 23 20:56:48 2008][540] user localuser :
>>> launching ssh_settings.nasl against X.X.X.X [3] [Mon Jun 23
>>> 20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished
>>> its job against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48
>>> 2008][540] dont_scan_settings.nasl (process 2) finished its job
>>> against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 2008][540]
>>> ssh_settings.nasl (process 3) finished its job against X.X.X.X in
>>> 0.000 seconds [Mon Jun 23 20:56:48 2008][540] user localuser :
>>> launching snmp_settings.nasl against X.X.X.X [4] [Mon Jun 23
>>> 20:56:52
>>> 2008][540] snmp_settings.nasl (process 4) finished its job against
>>> X.X.X.X in 3.578 seconds [Mon Jun 23 20:56:52 2008][540] user
>>> localuser : launching ping_host.nasl against X.X.X.X [5] [Mon Jun 23
>>> 20:56:54 2008][540] ping_host.nasl (process 5) finished its job
>>> against W.W.W.W in 2.921 seconds [Mon Jun 23 20:56:54 2008][540]
>>> user
> localuser :
>>> launching dont_scan_printers.nasl against X.X.X.X [6] [Mon Jun 23
>>> 20:56:54 2008][540] The remote host (X.X.X.X) is dead [Mon Jun 23
>>> 20:56:54 2008][540] Finished testing X.X.X.X. Time : 6.718 secs, 6
>>> plugins launched [Mon Jun 23
>>> 20:56:54 2008][540] 1 hosts scanned
>>>
>>
>
> --
>
> Saludos,
> -Roman
>
> PGP Fingerprint:
> 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID:
> 0xEAD56742.
> Available at KeyServ] _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
> __________ NOD32 3218 (20080625) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
