Hi there,

I've just noticed our scheduled Nessus scans aren't getting the Windows results they normally return anymore.

We run a weekly "lite scan" against Windows hosts - discovering what patches are missing, along with what software is installed, etc. Our software developers run all sorts of weird network services and Nessus has been known to cause grief, so I run it with a majorly cut-down port list (i.e. 135,137,139,445) and have "unscanned ports closed" set too. That has meant Nessus only scanned the NetBIOS ports and didn't even send a single packet to other port numbers. Worked well.

Some time over the past couple of weeks something's changed, and now Nessus can't get any real details out of the Windows hosts. Running the scan through the GUI, I can see Nessus reports "139/tcp, 137/udp and 445/tcp" as being open - and yet with none of the normal detail.

And yet if I disable the "unscanned ports closed" checkbox and run the same scan again - everything comes right and I get the results I need. However, Nessus is then hammering all sorts of extra ports - which I cannot have.

To reiterate: all I have to do is turn off "unscanned ports closed" to make this problem disappear.

The cause (symptom?) of the problem happens immediately after starting the scan:

    Not launching cifs445.nasl against ip.add.ress none of the required tcp ports are open (this is not an error)
    launching ping_host.nasl against ..
    launching nessus_tcp_scanner.nes against ...

Well that looks plain wrong. For one thing, shouldn't cifs445 be called AFTER the port scanners are called? I'm guessing "unscanned ports closed" sets something to empty instead of NULL and so cifs445.nasl skips?

I have deleted /opt/nessus/var/nessus/plugins* and run nessus-update-plugins (and restarted) and it made no improvement.

This is with nessus-3.2.1 under RHE4

Thanks

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
