On Nov 12, 2008, at 1:03 PM, Michael Condon wrote: > Yes, I was aware of the ack scan applying only to the local network. > I thought I had tried all iterations of turning TCP/ICMP/UDP scans > on/off before, but apparently I was suffering from lack of sleep. > > - I turned off "Ping the Remote Host" under general options. > - Turned off TCP/ICMP & UDP scans alternately under Advanced/Ping > the remote host. With all off, it ran & produced a report - not very > informative, and also declared in the log the the remote host was > dead. > > Apparently the server/firewall settings are pretty well hardened.
With ping_host.nasl, there is a configurable preference that controls whether dead hosts appear in the report - "Make the dead hosts appear in the report". By default, it's set to "no". Other than that, there are other plugins that can declare a host as dead. For example, dont_scan_printers.nasl / dont_scan_netware.nasl may determine that a host is a fragile device and mark it as dead to avoid causing any damage even when safe checks are enabled. And there are some destructive plugins that attempt to kill the host and will mark the host as dead if they were successful. In these cases, there should be a plugin report that lets you know why the plugin declared a host as dead. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
