On Nov 12, 2008, at 3:32 PM, nexact wrote:

> We have some machine that is running a database on a non-common
> port, however, we are scanning with common port policy.
> I would like to know, is there a kind of ways that could allow
> Nessus to detect these non-common port?

The answer depends to some extent on how the database service reacts and how you're configuring your scan. [Not to mention of course the port range that you specify.]

On the one hand, Nessus has a couple of general service detection plugins. They work by looking for spontaneous banners or by sending something relatively harmless like an HTTP GET or 'HELP' to the port and reading a response. If a service responds to one of these probes, we can often identify the service without taking the actual port number into consideration. MySQL and to some extent PostgreSQL work like this.

On the other, we have some plugins that try to detect specific applications, including database services like Oracle, DB2, MSSQL, and Firebird. They work by sending packets that try to do something like simulate a login and then make sure the response looks "ok". These plugins are generally coded such that they look for a service only on its well-known port(s) by default, although they will also check on any open port with an unidentified service if the 'Thorough tests' option is enabled. Note that enabling 'Thorough tests' entails some risk, though, since some services react poorly when they are sent data that appear to them to be malformed.

> My other option is to run an all port scan that will reach database
> on non-common port but... how will Nessus handle that?
> Nessus will do a fingerprint on the service and then scan it for
> known vulnerability or it will skip it?

Are you able to do a credentialed scan? That would likely be the safest and most reliable. Otherwise, if Nessus identifies the service, it should run the associated plugins against that service regardless of which port it's on.

George
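The port-independent identification described in the reply above, as an added Python sketch; it is not Nessus plugin code and not part of the original message. The names `classify`, `grab` and `SAMPLES`, the port numbers and the sample bytes are constructed for illustration.

```python
import socket

def classify(data: bytes) -> str:
    """Name a service from its response bytes alone; the port is never consulted."""
    # MySQL greets unprompted: 3-byte little-endian payload length, sequence
    # id 0, protocol version 10, then a NUL-terminated server version string.
    if len(data) > 5 and data[3] == 0 and data[4] == 0x0A:
        end = data.find(b"\x00", 5)
        version = data[5:end] if end != -1 else b""
        declared = int.from_bytes(data[:3], "little")
        if version and end - 4 < declared and all(32 <= b < 127 for b in version):
            return "mysql " + version.decode("ascii")
    if data.startswith(b"HTTP/"):
        return "http"
    head = data[:64]
    if head and all(32 <= b < 127 or b in b"\r\n\t" for b in head):
        return "text banner: " + head.splitlines()[0].decode("ascii")
    # Nothing matched: this is the "unidentified service" case that the
    # application-specific checks only pick up with 'Thorough tests' enabled.
    return "unidentified"

def grab(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Wait for a spontaneous banner; if the service stays silent, send HELP."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(1024)
        except socket.timeout:
            pass
        try:
            s.sendall(b"HELP\r\n")
            return s.recv(1024)
        except OSError:
            return b""

# Constructed responses, keyed by constructed non-default port numbers.
_payload = b"\x0a" + b"5.0.67-log\x00" + (42).to_bytes(4, "little") + b"saltsalt\x00"
SAMPLES = {
    13306: len(_payload).to_bytes(3, "little") + b"\x00" + _payload,
    8099: b"HTTP/1.0 400 Bad Request\r\n\r\n",
    2525: b"220 mail.example.test ESMTP\r\n",
    50000: b"\x00\x00\x00\x08\xff\xfe\x01\x02",
}

if __name__ == "__main__":
    for port, data in sorted(SAMPLES.items()):
        print(port, "->", classify(data))
```

`grab` is the live counterpart to the constructed samples: its return value feeds straight into `classify`.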
