Hi Jim, You are correct in that there are many moving parts, but this is really due to the comprehensiveness of the Nessus scanner.
If you are performing credentialed scans, you can really minimize your impact to the network if you disable network checks. Port scans don't produce a lot of bandwidth, but they do produce a lot of packets, and if your switch/firewall/NAT has any type of connection table, the port scan can fill these up. My advice for you is to scan one host with your desired configuration and see what sort of peak packets/second and total bandwidth you encounter. Nessus 3.2 has some great network throttling features in it. Another idea you can take advantage of is to simply force your NIC into 10 Mb mode.

Ron Gula
Tenable Network Security

Kelly, Jim wrote:
> One of my customer's has asked what the network traffic level impact a
> Nessus scan would have on a network given:
> 1. targets are all Windows
> 2. scan would be done with domain authentication.
> 3. approx 200+ servers scattered over 40 locations in the US spanning
> east to west coast.
> 4. WAN uses MPLS cloud
> 5. Default configuration used: max number of hosts 20 max number of
> security checks 4, check read timeout 5 seconds, plugin timeout 120,
> number of packets per second port scan 500
>
> Does anyone have a SWAG for how much traffic throughput per second a
> Nessus scan can generate?
>
> I'm mostly concerned about avoiding flooding switches in key points. Any
> comments would be helpful. I've searched the Tenable blog and haven't
> found any info. I counseled my customer that there are too many moving
> parts to definitively come up with a figure. I was hoping others on this
> list could share their experience on this point.
>
> Thanks
>
> Jim
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
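Ron's suggestion is to measure a single-host scan and extrapolate. The script below is an added example, not part of the thread: it reads `tcpdump -e -ttnn` output captured during a one-host scan (the sample lines are constructed, not a real capture), reports peak packets/second and total bytes, and scales the peak by the configured "max number of hosts" (20 in Jim's defaults) to get a rough ceiling for the full scan.

```python
import re
from collections import Counter

# Matches one `tcpdump -e -ttnn` line: epoch timestamp first, then the
# link-layer "length N:" (frame size in bytes) before the IP header summary.
LINE_RE = re.compile(r"^(\d+)\.\d+ .*?\blength (\d+):")

# Constructed sample: a few SYN probes from the scanner (74-byte frames) and
# one RST from the target (60-byte frame) across two wall-clock seconds.
SAMPLE = """\
1700000000.000120 52:54:00:aa:bb:cc > 52:54:00:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 10.0.0.5.40001 > 10.0.0.9.445: Flags [S], seq 1, win 1024, length 0
1700000000.000340 52:54:00:aa:bb:cc > 52:54:00:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 10.0.0.5.40002 > 10.0.0.9.139: Flags [S], seq 1, win 1024, length 0
1700000000.000560 52:54:00:aa:bb:cc > 52:54:00:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 10.0.0.5.40003 > 10.0.0.9.135: Flags [S], seq 1, win 1024, length 0
1700000000.000900 52:54:00:dd:ee:ff > 52:54:00:aa:bb:cc, ethertype IPv4 (0x0800), length 60: 10.0.0.9.139 > 10.0.0.5.40002: Flags [R.], seq 0, ack 2, win 0, length 0
1700000001.000100 52:54:00:aa:bb:cc > 52:54:00:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 10.0.0.5.40004 > 10.0.0.9.3389: Flags [S], seq 1, win 1024, length 0
1700000001.000300 52:54:00:aa:bb:cc > 52:54:00:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 10.0.0.5.40005 > 10.0.0.9.5985: Flags [S], seq 1, win 1024, length 0
"""


def parse_tcpdump(text):
    """Yield (whole_second, frame_bytes) for every parseable capture line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), int(m.group(2))


def traffic_profile(text):
    """Totals plus the busiest one-second bucket, in packets and bits."""
    pkts, octets = Counter(), Counter()
    for sec, size in parse_tcpdump(text):
        pkts[sec] += 1
        octets[sec] += size
    return {
        "packets": sum(pkts.values()),
        "bytes": sum(octets.values()),
        "peak_pps": max(pkts.values(), default=0),
        "peak_bps": max(octets.values(), default=0) * 8,
    }


def scan_ceiling(single_host, max_hosts):
    """Worst case if every parallel host slot peaks at the same moment.
    Nessus' own limits (Jim's defaults: 20 hosts x 500 pps) bound the
    port-scan phase at 10,000 pps regardless of what this extrapolates."""
    return {k: single_host[k] * max_hosts for k in ("peak_pps", "peak_bps")}


if __name__ == "__main__":
    one = traffic_profile(SAMPLE)
    print("single host:", one)
    print("20-host ceiling:", scan_ceiling(one, 20))
```

Capture the real input with `tcpdump -e -ttnn -i <iface> host <target> > scan.txt` while the one-host scan runs, then feed the file to `traffic_profile`; the result from a single host is the number to take to the network team, since the extrapolated ceiling assumes every slot peaks simultaneously.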
