Sorry for the late reply.

"Which Nessus version are you using? And what portscanners are in use?"

3.0.6. I've tried a few different methods and port scanners. I'll have to check what I have enabled now; I've been tweaking them to see what gives me better results.

"Transient services on high ports could do this. Firewall manipulation could as well."

A lot of the high port things are more than likely this. I'm looking into firewall changes as well.

"Could you be more specific in the ports you are seeing? On one hand you say that the system admins know about these ports and they've been open for years, but then you also mention that you can't connect to them with nmap or telnet. I'd try to work backwards from the systems themselves by running a netstat command on them."

They range: a lot of high ports, which as noted before could be some transient services, though some are things like a few telnet, http, ftp. There are quite a lot more, but I get alerted on these perimeter ports. I may have misrepresented my problem a little. Nessus does see these ports one day (some have banner info, I know these are not false positives), but on others Nessus will alert and the next day these ports won't be seen when I follow up. I've contacted the system admins on a few of these and they tell me these services are not listening or have been listening for years.
