Aaron, Based on the information you have provided, its hard to tell which specific plugin might be causing a CPU spike on the router. Few questions : - Is SSH enabled on the router?. If so, which version. - Is "Do not log in with user accounts not specified in the policy" in Global variable settings disabled for the scan? - During the scan, could you tell by looking at the pcaps which ports Nessus is connecting to and what specific requests it is sending to the router which causes a noticeable CPU spike? One way to identify the plugin causing a CPU spike, would be to enable "Log details of the scan on the server" and set "Number of checks in parallel" to 1, this will ensure plugins are run sequentially. Once you have this setup, tail -f nessusd.messages and monitor the router for any CPU spikes. - Mehul
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Weissenfluh Sent: Tuesday, July 15, 2008 3:31 PM To: [email protected] Subject: Cisco tty CPU Spike All, I've run into an issue where I've seen the cpu utilization spike specifically relating to the TTY Daemon on a router when scanned by Nessus. The cpu will initially spike up to 15% then spike up to 40% and will stay there following a simple "safe-checks" scan. The cpu will not drop until I disconnect the tty com. I have configured nessus to tcp scan ports 1-65535 and I've got all the default plugins enabled but with safe checks on and really nothing that different from a default scan enabled. Not that it's causing a huge issue - just working to figure out what specific plugin is causing the actual problem. Anyone seen anything like this before? Here's the specific information about the router and scanner if that helps: Cisco 2821 Router Version 12.4 (13r) T Release fc1 sh proc cpu sort (output): CPU utilization for five seconds: 38%/0%; one minute: 41%; five minutes: 42% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 70 8731285401349143954 647 38.23% 41.10% 42.18% 1 TTY Daemon 38 15980516 136215965 117 0.08% 0.07% 0.08% 0 TTY Background Nessus 3.2.1 on SuSE, plugins updated daily. Thanks, A
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
