Well, the detections when using the Default scan policy point to Nessus ID 19772 (Skype Detection) and Nessus ID 21208 (Skype Stack Version Detection).
I do have Professional Feed, I'll open a ticket.

Thanks,

François

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula
Sent: December-01-08 3:39 PM
To: Nessus
Subject: Re: Skype detection

Have you tried performing a port scan across a larger port range? It is possible a different Nessus plugin that was part of a full scan was detecting whatever port Skype was listening on and marking that as being found. But now your minimal scan is not seeing that. Increasing your targeted ports to full should turn up more ports.

This is also the type of activity our support group can help with if you are a Professional Feed customer.

Ron Gula
Tenable Network Security

Lachance wrote:
> Yep, done that. Still no luck.
>
> Looking at the scan.log in C:\Program Files\Tenable\Nessus\logs, it appears
> that Nessus skips lots of Skype checks for whatever reason. Below is the
> relevant section. I am surprised by some of the plugins that Nessus decided
> to include
>
> [Mon Dec 01 09:48:42 2008][256] Use default port range
> [Mon Dec 01 09:49:00 2008][256] user localuser : testing lknngv7 (10.3.22.65) [256]
> [Mon Dec 01 09:49:00 2008][256] Scan 10.3.22.65 using 53 plugins
> [Mon Dec 01 09:49:00 2008][256] user localuser : launching clrtxt_proto_settings.nasl against 10.3.22.65 [1]
> [Mon Dec 01 09:49:00 2008][256] user localuser : launching portscanners_settings.nasl against 10.3.22.65 [2]
> [Mon Dec 01 09:49:00 2008][256] user localuser : launching dont_scan_settings.nasl against 10.3.22.65 [3]
> [Mon Dec 01 09:49:00 2008][256] user localuser : launching ssh_settings.nasl against 10.3.22.65 [4]
> [Mon Dec 01 09:49:00 2008][256] clrtxt_proto_settings.nasl (process 1) finished its job against 10.3.22.65 in 0.005 seconds
> [Mon Dec 01 09:49:00 2008][256] portscanners_settings.nasl (process 2) finished its job against 10.3.22.65 in 0.005 seconds
> [Mon Dec 01 09:49:00 2008][256] dont_scan_settings.nasl (process 3) finished its job against 10.3.22.65 in 0.004 seconds
> [Mon Dec 01 09:49:00 2008][256] ssh_settings.nasl (process 4) finished its job against 10.3.22.65 in 0.001 seconds
> [Mon Dec 01 09:49:00 2008][256] user localuser : launching ping_host.nasl against 10.3.22.65 [5]
> [Mon Dec 01 09:49:17 2008][256] ping_host.nasl (process 5) finished its job against 10.3.10.157 in 16.562 seconds
> [Mon Dec 01 09:49:17 2008][256] user localuser : launching dont_scan_printers.nasl against 10.3.22.65 [6]
> [Mon Dec 01 09:49:17 2008][256] user localuser : launching cifs445.nasl against 10.3.22.65 [7]
> [Mon Dec 01 09:49:18 2008][256] cifs445.nasl (process 7) finished its job against 10.3.22.65 in 1.006 seconds
> [Mon Dec 01 09:49:25 2008][256] dont_scan_printers.nasl (process 6) finished its job against 10.3.22.65 in 8.020 seconds
> [Mon Dec 01 09:49:25 2008][256] user localuser : launching dont_scan_netware.nasl against 10.3.22.65 [8]
> [Mon Dec 01 09:49:25 2008][256] user localuser : launching dcetest.nasl against 10.3.22.65 [9]
> [Mon Dec 01 09:49:25 2008][256] dcetest.nasl (process 9) finished its job against 10.3.22.65 in 0.020 seconds
> [Mon Dec 01 09:49:27 2008][256] dont_scan_netware.nasl (process 8) finished its job against 10.3.22.65 in 2.010 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching dont_print_on_printers.nasl against 10.3.22.65 [10]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching netbios_name_get.nasl against 10.3.22.65 [11]
> [Mon Dec 01 09:49:27 2008][256] dont_print_on_printers.nasl (process 10) finished its job against 10.3.22.65 in 0.009 seconds
> [Mon Dec 01 09:49:27 2008][256] netbios_name_get.nasl (process 11) finished its job against 10.3.22.65 in 0.016 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching global_settings.nasl against 10.3.22.65 [12]
> [Mon Dec 01 09:49:27 2008][256] global_settings.nasl (process 12) finished its job against 10.3.22.65 in 0.000 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching oracle_settings.nbin against 10.3.22.65 [13]
> [Mon Dec 01 09:49:27 2008][256] oracle_settings.nbin (process 13) finished its job against 10.3.22.65 in 0.000 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching smtp_settings.nasl against 10.3.22.65 [14]
> [Mon Dec 01 09:49:27 2008][256] smtp_settings.nasl (process 14) finished its job against 10.3.22.65 in 0.001 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching cgibin_in_kb.nasl against 10.3.22.65 [15]
> [Mon Dec 01 09:49:27 2008][256] cgibin_in_kb.nasl (process 15) finished its job against 10.3.22.65 in 0.000 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching TLD_wildcard.nasl against 10.3.22.65 [16]
> [Mon Dec 01 09:49:27 2008][256] TLD_wildcard.nasl (process 16) finished its job against 10.3.22.65 in 0.000 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching smb_scope.nasl against 10.3.22.65 [17]
> [Mon Dec 01 09:49:27 2008][256] smb_scope.nasl (process 17) finished its job against 10.3.22.65 in 0.001 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching kerberos.nasl against 10.3.22.65 [18]
> [Mon Dec 01 09:49:27 2008][256] kerberos.nasl (process 18) finished its job against 10.3.22.65 in 0.001 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching logins.nasl against 10.3.22.65 [19]
> [Mon Dec 01 09:49:27 2008][256] logins.nasl (process 19) finished its job against 10.3.22.65 in 0.001 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching samba_detect.nasl against 10.3.22.65 [20]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching rpc_portmap.nasl against 10.3.22.65 [21]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching ilo_detect.nasl against 10.3.22.65 [22]
> [Mon Dec 01 09:49:27 2008][256] rpc_portmap.nasl (process 21) finished its job against 10.3.22.65 in 0.006 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : not launching rpcinfo.nasl against 10.3.22.65: none of the required tcp ports are open
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching find_service.nasl against 10.3.22.65 [23]
> [Mon Dec 01 09:49:27 2008][256] find_service.nasl (process 23) finished its job against 10.3.22.65 in 0.002 seconds
> [Mon Dec 01 09:49:27 2008][256] ilo_detect.nasl (process 22) finished its job against 10.3.22.65 in 0.019 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching find_service1.nasl against 10.3.22.65 [24]
> [Mon Dec 01 09:49:27 2008][256] find_service1.nasl (process 24) finished its job against 10.3.22.65 in 0.001 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching intrushield_console_detect.nasl against 10.3.22.65 [25]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching find_service_3digits.nasl against 10.3.22.65 [26]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching apache_SSL_complain.nasl against 10.3.22.65 [27]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching ssh_get_info.nasl against 10.3.22.65 [28]
> [Mon Dec 01 09:49:27 2008][256] find_service_3digits.nasl (process 26) finished its job against 10.3.22.65 in 0.012 seconds
> [Mon Dec 01 09:49:27 2008][256] apache_SSL_complain.nasl (process 27) finished its job against 10.3.22.65 in 0.012 seconds
> [Mon Dec 01 09:49:27 2008][256] ssh_get_info.nasl (process 28) finished its job against 10.3.22.65 in 0.005 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : not launching freebsd_pkg_70fc13d94ab411da932d00055d790c25.nasl against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching doublecheck_std_services.nasl against 10.3.22.65 [29]
> [Mon Dec 01 09:49:27 2008][256] doublecheck_std_services.nasl (process 29) finished its job against 10.3.22.65 in 0.002 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching httpver.nasl against 10.3.22.65 [30]
> [Mon Dec 01 09:49:27 2008][256] intrushield_console_detect.nasl (process 25) finished its job against 10.3.22.65 in 0.081 seconds
> [Mon Dec 01 09:49:27 2008][256] httpver.nasl (process 30) finished its job against 10.3.22.65 in 0.011 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching clearswift_mimesweeper_smtp_detect.nasl against 10.3.22.65 [31]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching xerox_document_centre_detect.nasl against 10.3.22.65 [32]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching securenet_provider_detect.nasl against 10.3.22.65 [33]
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching cisco_ids_manager_detect.nasl against 10.3.22.65 [34]
> [Mon Dec 01 09:49:27 2008][256] clearswift_mimesweeper_smtp_detect.nasl (process 31) finished its job against 10.3.22.65 in 0.014 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching xerox_workcentre_detect.nasl against 10.3.22.65 [35]
> [Mon Dec 01 09:49:27 2008][256] xerox_document_centre_detect.nasl (process 32) finished its job against 10.3.22.65 in 0.014 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching compaq_wbem_detect.nasl against 10.3.22.65 [36]
> [Mon Dec 01 09:49:27 2008][256] securenet_provider_detect.nasl (process 33) finished its job against 10.3.22.65 in 0.015 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching ciscoworks_detect.nasl against 10.3.22.65 [37]
> [Mon Dec 01 09:49:27 2008][256] xerox_workcentre_detect.nasl (process 35) finished its job against 10.3.22.65 in 0.007 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching interspect_detect.nasl against 10.3.22.65 [38]
> [Mon Dec 01 09:49:27 2008][256] samba_detect.nasl (process 20) finished its job against 10.3.22.65 in 0.144 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching linuxconf_detect.nasl against 10.3.22.65 [39]
> [Mon Dec 01 09:49:27 2008][256] interspect_detect.nasl (process 38) finished its job against 10.3.22.65 in 0.006 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching websense_detect.nasl against 10.3.22.65 [40]
> [Mon Dec 01 09:49:27 2008][256] cisco_ids_manager_detect.nasl (process 34) finished its job against 10.3.22.65 in 0.029 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching xedus_detect.nasl against 10.3.22.65 [41]
> [Mon Dec 01 09:49:27 2008][256] xedus_detect.nasl (process 41) finished its job against 10.3.22.65 in 0.000 seconds
> [Mon Dec 01 09:49:27 2008][256] user localuser : launching iwss_detect.nasl against 10.3.22.65 [42]
> [Mon Dec 01 09:49:28 2008][256] ciscoworks_detect.nasl (process 37) finished its job against 10.3.22.65 in 0.986 seconds
> [Mon Dec 01 09:49:28 2008][256] user localuser : launching imss_detect.nasl against 10.3.22.65 [43]
> [Mon Dec 01 09:49:28 2008][256] imss_detect.nasl (process 43) finished its job against 10.3.22.65 in 0.003 seconds
> [Mon Dec 01 09:49:28 2008][256] user localuser : launching tmcm_detect.nasl against 10.3.22.65 [44]
> [Mon Dec 01 09:49:28 2008][256] linuxconf_detect.nasl (process 39) finished its job against 10.3.22.65 in 0.988 seconds
> [Mon Dec 01 09:49:28 2008][256] user localuser : launching smb_nativelanman.nasl against 10.3.22.65 [45]
> [Mon Dec 01 09:49:28 2008][256] websense_detect.nasl (process 40) finished its job against 10.3.22.65 in 0.994 seconds
> [Mon Dec 01 09:49:28 2008][256] iwss_detect.nasl (process 42) finished its job against 10.3.22.65 in 0.988 seconds
> [Mon Dec 01 09:49:28 2008][256] tmcm_detect.nasl (process 44) finished its job against 10.3.22.65 in 0.014 seconds
> [Mon Dec 01 09:49:28 2008][256] smb_nativelanman.nasl (process 45) finished its job against 10.3.22.65 in 0.015 seconds
> [Mon Dec 01 09:49:28 2008][256] user localuser : launching smb_login.nasl against 10.3.22.65 [46]
> [Mon Dec 01 09:49:28 2008][256] smb_login.nasl (process 46) finished its job against 10.3.22.65 in 0.215 seconds
> [Mon Dec 01 09:49:28 2008][256] user localuser : launching smb_registry_access.nasl against 10.3.22.65 [47]
> [Mon Dec 01 09:49:28 2008][256] smb_registry_access.nasl (process 47) finished its job against 10.3.22.65 in 0.043 seconds
> [Mon Dec 01 09:49:29 2008][256] compaq_wbem_detect.nasl (process 36) finished its job against 10.3.22.65 in 1.987 seconds
> [Mon Dec 01 09:49:29 2008][256] user localuser : launching smb_registry_full_access.nasl against 10.3.22.65 [48]
> [Mon Dec 01 09:49:29 2008][256] smb_registry_full_access.nasl (process 48) finished its job against 10.3.22.65 in 0.037 seconds
> [Mon Dec 01 09:49:29 2008][256] user localuser : launching smb_reg_service_pack.nasl against 10.3.22.65 [49]
> [Mon Dec 01 09:49:29 2008][256] user localuser : launching embedded_web_server_detect.nasl against 10.3.22.65 [50]
> [Mon Dec 01 09:49:29 2008][256] embedded_web_server_detect.nasl (process 50) finished its job against 10.3.22.65 in 0.003 seconds
> [Mon Dec 01 09:49:29 2008][256] smb_reg_service_pack.nasl (process 49) finished its job against 10.3.22.65 in 0.039 seconds
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching skype_detection.nasl against 10.3.22.65: none of the required tcp ports are open
> [Mon Dec 01 09:49:29 2008][256] user localuser : launching smb_reg_service_pack_W2K.nasl against 10.3.22.65 [51]
> [Mon Dec 01 09:49:29 2008][256] user localuser : launching smb_reg_service_pack_XP.nasl against 10.3.22.65 [52]
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching skype_version.nbin against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching tom_skype_installed.nasl against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching skype_uri_overflow.nasl against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching skype_overflow_nw.nasl against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching skype_2008_003.nasl against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching skype_2008_001.nasl against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching skype_2006_001.nasl against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:29 2008][256] smb_reg_service_pack_W2K.nasl (process 51) finished its job against 10.3.22.65 in 0.013 seconds
> [Mon Dec 01 09:49:29 2008][256] smb_reg_service_pack_XP.nasl (process 52) finished its job against 10.3.22.65 in 0.011 seconds
> [Mon Dec 01 09:49:29 2008][256] user localuser : launching smb_hotfixes.nasl against 10.3.22.65 [53]
> [Mon Dec 01 09:49:35 2008][256] smb_hotfixes.nasl (process 53) finished its job against 10.3.22.65 in 6.087 seconds
> [Mon Dec 01 09:49:35 2008][256] user localuser : launching skype_overflow.nasl against 10.3.22.65 [54]
> [Mon Dec 01 09:49:35 2008][256] skype_overflow.nasl (process 54) finished its job against 10.3.22.65 in 0.073 seconds
> [Mon Dec 01 09:49:35 2008][256] Finished testing 10.3.22.65. Time : 35.213 secs, 64 plugins launched
> [Mon Dec 01 09:49:35 2008][256] 1 hosts scanned
>
> Thanks,
>
> François Lachance, B. Sc., PMP
>
> Threat and Vulnerability Analyst/ Analyste de menaces et vulnérabilité
> Information Technology / Technologie de l'information
>
> Farm Credit Canada / Financement agricole Canada
>
> Tel/Tél. : (306) 780-8987 Fax/Téléc. :(306) 780-3480
>
> Advancing the business of agriculture. Pour l'avenir de l'agroindustrie.
>
> Please consider the environment before printing this e-mail. Pensons à l'environnement avant d'imprimer ce courriel.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula
> Sent: December-01-08 10:09 AM
> To: Nessus
> Subject: Re: Skype detection
>
> Lachance wrote:
>> Actually, this is an authenticated (credentials supplied) scan, so I guess I
>> really only need to select "netstat portscanner (WMI)" as the port scanner
>> to use. The only plugins selected are the ones I found using the search for
>> the word "skype".
>>
>> When I scan the one machine that has Skype installed, I get nothing at all
>> returned. I'm wondering if there is a plugin that I should have selected
>> that the Skype detection is dependent on. Any ideas?
>>
>> Thanks,
>>
>> François
>
> When you are selecting just the plugins with the name
> "Skype" in them, you should also be sure to enable plugin
> dependencies. These Skype plugins you are selecting
> are likely dependent on other plugins which might not
> get executed with your minimal scan.
>
> Ron Gula
> Tenable Network Security
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
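
A small parser for the scan.log line shapes quoted in this thread, added here as an example (it is not Tenable's code and was not posted to the list): it groups the plugins Nessus did not launch by the reason it logged, so the skipped Skype checks stand out from the one that ran. The function names and the mail-unwrapping step are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Line shapes below are the ones visible in the quoted scan.log excerpt.
PREFIX = r"\[[^\]]+\]\[\d+\] "
LAUNCH = re.compile(PREFIX + r"user \S+ : launching (?P<plugin>\S+) against \S+ \[\d+\]")
SKIP = re.compile(PREFIX + r"user \S+ : not launching (?P<plugin>\S+) "
                  r"against [^:\s]+: (?P<reason>.+)")


def unwrap(text):
    """Undo mail quoting: drop '>' markers and rejoin entries the mailer wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if not line:
            continue
        if re.match(PREFIX, line) or not entries:
            entries.append(line)          # a new timestamped entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries


def summarize(text, keyword=""):
    """Return (launched, skipped-by-reason) for plugin files containing keyword."""
    launched, skipped = [], defaultdict(list)
    for entry in unwrap(text):
        m = SKIP.match(entry)
        if m:
            if keyword in m["plugin"]:
                skipped[m["reason"]].append(m["plugin"])
            continue
        m = LAUNCH.match(entry)
        if m and keyword in m["plugin"]:
            launched.append(m["plugin"])
    return launched, dict(skipped)


# Excerpt of the log quoted in the thread, in its mail-wrapped form.
SAMPLE = """\
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching
> skype_detection.nasl against 10.3.22.65: none of the required tcp ports are
> open
> [Mon Dec 01 09:49:29 2008][256] user localuser : launching
> smb_reg_service_pack_XP.nasl against 10.3.22.65 [52]
> [Mon Dec 01 09:49:29 2008][256] user localuser : not launching
> skype_version.nbin against 10.3.22.65: required key missing
> [Mon Dec 01 09:49:35 2008][256] user localuser : launching
> skype_overflow.nasl against 10.3.22.65 [54]
"""

if __name__ == "__main__":
    print(summarize(SAMPLE, "skype"))
```

Run against the full scan.log, the grouping separates the check skipped for "none of the required tcp ports are open" from those skipped for "required key missing", the two reasons the log in this thread gives.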
