Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/nessus/users/ en-us (c) Gossamer Threads Inc. All rights reserved. 24 Nov 2009 19:03:47 -0800 120 75 23 http://www.gossamer-threads.com/lists/nessus/users/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg Hi, apologies if this is the wrong place to query this. Nessus plugin 20148 gives the scenario: The remote host is running the VERITAS Ne 16 Mar 2009 13:33:42 -0800 http://www.gossamer-threads.com/lists/nessus/users/33756 hi all... i used to use nessus at my old job (currently unemployed)... it was pretty cool. now i had to get some license (?!?) the thing is the 13 Mar 2009 21:59:25 -0800 http://www.gossamer-threads.com/lists/nessus/users/33748 I'm not sure about Win2k3, but with WinXP, if the admin password is blank, then that account doesn't work. If you have a password for the account, 05 Mar 2009 07:40:12 -0800 http://www.gossamer-threads.com/lists/nessus/users/33740 WinXP and win2k3 won't let you authenticate with local admin over a network. Jk Sent from Jim's iPhone On Mar 4, 2009, at 12:00 PM, "nessus-reque 04 Mar 2009 09:45:36 -0800 http://www.gossamer-threads.com/lists/nessus/users/33738 On Windows Server 2003 how do I remediate Nessus IDs 26928 and 31705. Išve already changed these entries at SYSTEM\CurrentControlSet\Control\Security 26 Feb 2009 09:13:12 -0800 http://www.gossamer-threads.com/lists/nessus/users/33735 What's the appropriate way to edit existing nessusrc files? I typically like to create a configuration in NessusClient then export it to nessusrc for 23 Feb 2009 15:28:59 -0800 http://www.gossamer-threads.com/lists/nessus/users/33733 I have run the Windows XP Desktop v.2 audit files on my workstations and have found that many of them are failing because the configuration does not e 23 Feb 2009 08:56:32 -0800 http://www.gossamer-threads.com/lists/nessus/users/33731 When I try to update my plugins , I get "Update failed to finish due to a problem" almost immediately after starting. Is there a log I can check to 21 Feb 2009 13:51:16 -0800 http://www.gossamer-threads.com/lists/nessus/users/33730 Hello, I'm having trouble determining why the SMB credentials I've configured are not able to login and run the local checks on our Windows 2003 S 19 Feb 2009 07:59:50 -0800 http://www.gossamer-threads.com/lists/nessus/users/33727 Anyone have a quickie script to confirm domain membership based on the SMB credentials provided? Looks like I might be able to make use of plugin 103 18 Feb 2009 14:56:53 -0800 http://www.gossamer-threads.com/lists/nessus/users/33724 Hello, We are looking to upgrade some of our Enterprise environments and wondering if there are any issues running NESSUS 3.x on SLES9/SP4 with Op 18 Feb 2009 12:18:34 -0800 http://www.gossamer-threads.com/lists/nessus/users/33723 We have been getting some scan reports that show the host as OS X but then no results information. It seems that it is happening when the scanner enc 17 Feb 2009 06:22:51 -0800 http://www.gossamer-threads.com/lists/nessus/users/33719 Hi, We are about to run a VA scan on ISA 2006 proxy servers (deployed on Windows 2003) in our environment. Please let us know the availability of Nes 17 Feb 2009 04:38:43 -0800 http://www.gossamer-threads.com/lists/nessus/users/33717 Has anyone created a DHHS FDCC audit policy yet? It is close to the FDCC but wonder if someone already did the leg work on creating it. Thanks, Ralph 13 Feb 2009 14:20:25 -0800 http://www.gossamer-threads.com/lists/nessus/users/33714 Hello, I posted a mail in December about cross compiling Nessus. I am trying to build Nessus for various embedded devices and receive the following e 12 Feb 2009 06:17:46 -0800 http://www.gossamer-threads.com/lists/nessus/users/33713 Looking for advice on how to serialize a scan of multiple hosts so that only one host is scanned at a time. I have edited the policy so that the maxim 11 Feb 2009 16:02:48 -0800 http://www.gossamer-threads.com/lists/nessus/users/33703 http://www.tssci-security.com/projects/tissynbe_py/ I've tried this guy's script and it seems to work well Per author: "As discussed in another post 11 Feb 2009 09:35:39 -0800 http://www.gossamer-threads.com/lists/nessus/users/33701 does anyone have the minimum set of permissions needed to run an authenticated scan with safe checks enabled on windows machines? I know there is a lo 11 Feb 2009 08:24:37 -0800 http://www.gossamer-threads.com/lists/nessus/users/33700 Hi, I have been asked if there is or will be a Nessus plugging to detect HP printers vulnerable to "Remote Unauthorized Access to Files" as reported 10 Feb 2009 04:34:43 -0800 http://www.gossamer-threads.com/lists/nessus/users/33699 Question.. Vulnerability Nessus ID 34820 shows that a server has the vulnerability: Symantec Backup Exec Authentication Bypass and Potential B 05 Feb 2009 12:54:46 -0800 http://www.gossamer-threads.com/lists/nessus/users/33690 Does this only check C$? I have a box with a P$ and windows filecheck on this completes almost immediately as everything [PASSED] Credentials are fi 05 Feb 2009 12:06:19 -0800 http://www.gossamer-threads.com/lists/nessus/users/33689 I checked the Nessus/Tenable support site and didn't see a scap file for Windows 2008. I noticed that the SCAP files were still in the beta stage. Doe 05 Feb 2009 06:09:22 -0800 http://www.gossamer-threads.com/lists/nessus/users/33686 George A. Theall wrote: > On Jan 26, 2009, at 1:05 PM, Jason Chambers wrote: > >> FYI.. NTTP should be NNTP ? Below is a comparison between the Ness 03 Feb 2009 14:30:53 -0800 http://www.gossamer-threads.com/lists/nessus/users/33683 Good morning. It seems that the URL that I saved for downloading the plugins for my offline server is not working. I went to this url - https://plu 02 Feb 2009 07:24:32 -0800 http://www.gossamer-threads.com/lists/nessus/users/33679 Hello, I would like to know if .NSR will be deprecated in the future, if yes.. when ? Thanks. 28 Jan 2009 10:57:36 -0800 http://www.gossamer-threads.com/lists/nessus/users/33664 All, I have having a problem with SSH credentials on an internal Linux box I'm trying to scan. The box I'm scanning is a RedHat box and I can 27 Jan 2009 12:04:27 -0800 http://www.gossamer-threads.com/lists/nessus/users/33657 Was this plugin (remote check for ms09-001) pulled from the feed? I don't see it in my recent update (never saw it to begin with, but it's listed at t 27 Jan 2009 10:55:36 -0800 http://www.gossamer-threads.com/lists/nessus/users/33656 Hello, I've noticed for a while that querying the preferences on the Nessus server produces duplicated PLUGIN_PREFS. Is this a feature or a bug ? N 26 Jan 2009 14:59:32 -0800 http://www.gossamer-threads.com/lists/nessus/users/33655 Hello, FYI.. NTTP should be NNTP ? Below is a comparison between the Nessus server preferences and my last cached values. Regards, --Jason New 26 Jan 2009 10:05:40 -0800 http://www.gossamer-threads.com/lists/nessus/users/33653 Would it be possible to dump out a list of all Nessus plugins showing id number in column 1 and description in column 2? Jim Kelly _________________ 22 Jan 2009 08:16:06 -0800 http://www.gossamer-threads.com/lists/nessus/users/33649 I'm having an issue with Nessus locking out root accounts on AIX servers. My config seems like this shouldn't be happening: Safe Checks are enabled. 21 Jan 2009 09:27:17 -0800 http://www.gossamer-threads.com/lists/nessus/users/33646 Hello all, I'm wondering if there has been any thought from the nessus team on standardizing the risk factor output for plugins. i know they are all 15 Jan 2009 11:32:43 -0800 http://www.gossamer-threads.com/lists/nessus/users/33645 Good morning. My question pertains to stand-alone networks. We are in the process of evaluating Nessus for one of our stand-alone systems. If we whe 15 Jan 2009 07:02:24 -0800 http://www.gossamer-threads.com/lists/nessus/users/33642 -------- Original Message -------- Subject: Re: Client could not connect server Date: Tue, 13 Jan 2009 09:09:33 -0500 From: Ron Gula <rgula@tenablesec 13 Jan 2009 06:10:09 -0800 http://www.gossamer-threads.com/lists/nessus/users/33641 Dear Sir/Madam: I had downloaded Nessus3.2.1.1 software for windows version for study using. After I had installed this software I find a problem. 13 Jan 2009 01:24:20 -0800 http://www.gossamer-threads.com/lists/nessus/users/33640 Hello everyone, For 10 years now, the Nessus user base has been supported with the use of mailing lists as a medium to communicate with the communi 12 Jan 2009 09:08:00 -0800 http://www.gossamer-threads.com/lists/nessus/users/33639 Hi there This is the SSH-based DMI check (bios_get_info_ssh.nasl). Two things that dmidecode returns (at least on Linux boxes) that isn't recorded in 11 Jan 2009 16:23:39 -0800 http://www.gossamer-threads.com/lists/nessus/users/33634 Hello : I am using Fedora 8, and trying to install nessus plugins and keep getting the message "tar /opt/nessus/lib/nessus/plugins: not found in archi 11 Jan 2009 11:28:46 -0800 http://www.gossamer-threads.com/lists/nessus/users/33633 Hello! We use WSUS in our company for updates, but not everyone restart's his workstation for days. So in some cases the computer is still vulnerable 09 Jan 2009 04:10:00 -0800 http://www.gossamer-threads.com/lists/nessus/users/33628 In testing Nessus, I'm finding that I'm running into false negatives on certain sql injection vulnerabilities -- in reviewing my log, I've noticed the 08 Jan 2009 18:24:38 -0800 http://www.gossamer-threads.com/lists/nessus/users/33627 I have a question about the home feed. I use the Windows version of your product. It is registered, or was registered. I am getting the error mes 08 Jan 2009 11:20:49 -0800 http://www.gossamer-threads.com/lists/nessus/users/33625 David ROBERT wrote: >> Still, for increased performance and scan reliability, we recommend that you >> use Nessus Windows on a server product such as 07 Jan 2009 10:49:51 -0800 http://www.gossamer-threads.com/lists/nessus/users/33621 Hi everyone, As many pen-testers use Nessus in conjunction with other tools, I'd like to point out that Tenable today announced a partnership with 07 Jan 2009 08:56:42 -0800 http://www.gossamer-threads.com/lists/nessus/users/33619 Hi there, FreeBSD 7.1 was released on Jan 5th and I would like to know if Nessus and particularly version 3.2.1 already supports this OS. If that's 07 Jan 2009 06:52:47 -0800 http://www.gossamer-threads.com/lists/nessus/users/33616 UDP PortScan Plug-in Update -- Good news -- was able to get an updated/revised udp_scanner from Tenable which made it work properly -- kudos to Michel 06 Jan 2009 20:28:42 -0800 http://www.gossamer-threads.com/lists/nessus/users/33615 I'm looking for a way to have a web form that collects a host IP address, a choice of one (of three or so) sets of plugins to use, and a "start scan" 06 Jan 2009 08:20:08 -0800 http://www.gossamer-threads.com/lists/nessus/users/33612 I just gave the UDP scanner plugin a try and noticed in nessusd.messages [Mon Jan 5 21:36:01 2009][11939] udp_portscan.nbin depends on portscanners 05 Jan 2009 12:40:26 -0800 http://www.gossamer-threads.com/lists/nessus/users/33604 Hi there, Regarding the UDP scanner, I've been working offline with Michel (who's been extremely helpful) and here's where we stand (turns out we may 05 Jan 2009 08:09:01 -0800 http://www.gossamer-threads.com/lists/nessus/users/33603 Per this message from the Nessus archive, it seems that a non nmap UDP port scanner has been developed and implemented for Nessus http://www.mail-arc 01 Jan 2009 20:50:03 -0800 http://www.gossamer-threads.com/lists/nessus/users/33592 Hi, I'm a Nessus newbie, so please excuse my ignorance I just downloaded the PCI Plug-ins, and got the following error / output on my scan >>>>>>>> 31 Dec 2008 07:25:40 -0800 http://www.gossamer-threads.com/lists/nessus/users/33585 Hello, With a variety of Client options beyond the "standard" Nessus Client (e.g. Nessconnect, etc) that each put their own "twist" on reporting/sche 30 Dec 2008 12:28:43 -0800 http://www.gossamer-threads.com/lists/nessus/users/33579 List, I think plug-in ftp_servu_overflow.nasl is not working correctly ( script_id 12037 ) I have can a scan against a server runni 30 Dec 2008 12:05:54 -0800 http://www.gossamer-threads.com/lists/nessus/users/33580 Hi, I'm writing some NASL plugins at the moment and am getting fed up of going through the following procedure to make sure the new script is seen 29 Dec 2008 00:50:50 -0800 http://www.gossamer-threads.com/lists/nessus/users/33570 Greetings, I just installed Nessus 3.2.1 for my Fedora Core 9 server. I had no problems installing it but I am unable to update the plugins. I keep 24 Dec 2008 09:06:19 -0800 http://www.gossamer-threads.com/lists/nessus/users/33568 hello all i want to know how i see my plugins are update to my nessus installation, and freqency of update thanks 22 Dec 2008 02:52:47 -0800 http://www.gossamer-threads.com/lists/nessus/users/33565 hello all i am new to nessus and i want to known the best association which nessus for pentest nessus for vulnerability and other soft for exploit 22 Dec 2008 02:50:36 -0800 http://www.gossamer-threads.com/lists/nessus/users/33564 I was compiling the Nessus components for an ALIX x86 device (and will be more non x86 devices soon) and received the following error during configu 20 Dec 2008 10:28:56 -0800 http://www.gossamer-threads.com/lists/nessus/users/33563 I scanned a computer and this plugin (ID 34447: http://www.nessus.org/plugins/index.php?view=single&id=33447) was positive. I looked at the links and 19 Dec 2008 11:55:45 -0800 http://www.gossamer-threads.com/lists/nessus/users/33561 I am trying to update nessus. I ran the update and discovered that the directory was out of space; it kept giving me errors on each NASL. So, we add 18 Dec 2008 11:35:11 -0800 http://www.gossamer-threads.com/lists/nessus/users/33558 I don't think this is correct, I checked with Trendmicro and 8.910 is the latest, Can someone look into this for us? Trend Micro Anti Virus Check 17 Dec 2008 09:48:15 -0800 http://www.gossamer-threads.com/lists/nessus/users/33552 I am currently performing a GPO audit for one of my clients, which calls for a granular, programmatic audit of a few hundred GPO's. The requirement he 17 Dec 2008 09:40:47 -0800 http://www.gossamer-threads.com/lists/nessus/users/33551 Good Afternoon, I am having an issue with running a scan from the command line (e.g. "*C:\Program Files\Tenable\Nessus>nessuscmd 127.0.0.1 default* 17 Dec 2008 02:00:57 -0800 http://www.gossamer-threads.com/lists/nessus/users/33550 New user, running Nessus 3 on XP sp3. The following plugins work correctly for me when attempting to identify world writeable nfs shares in a small * 16 Dec 2008 15:07:36 -0800 http://www.gossamer-threads.com/lists/nessus/users/33549 I am receiving "slow to finish in 120 sec. against <host>" in my scan log file. The hosts in question are local to the scanner and are not any specif 16 Dec 2008 08:50:21 -0800 http://www.gossamer-threads.com/lists/nessus/users/33546 Hi, Nessus found on my system that I have "Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This allows informati 16 Dec 2008 05:53:15 -0800 http://www.gossamer-threads.com/lists/nessus/users/33542 Hi there, We had an incident this afternoon when a user scanned an IP that was not included in his access list, and it rebooted the firewall. I used 15 Dec 2008 13:53:18 -0800 http://www.gossamer-threads.com/lists/nessus/users/33540 Just before I go write one, I wanted to be sure there wasn't one out there... I searched the plugins couldn't find, SMS or "Microsoft Systems Manageme 15 Dec 2008 12:24:06 -0800 http://www.gossamer-threads.com/lists/nessus/users/33538 Hi, I use nessus 3.2.1 to scan a set of windows servers for missing patches. the profile that I use from the command line has the smb credentials sav 11 Dec 2008 08:33:20 -0800 http://www.gossamer-threads.com/lists/nessus/users/33532 Hi, I am new to Nessus and I am using it on a linux box with no X environment. I have started nessusd successfully and I have been able to perform a 10 Dec 2008 14:03:05 -0800 http://www.gossamer-threads.com/lists/nessus/users/33530 Nessus 3 detecting "Vulnerabilities in DNS Could Allow Spoofing (953230)" on my Windows XP SP3 box. Micrososft says that this vulnerability does no 10 Dec 2008 12:38:28 -0800 http://www.gossamer-threads.com/lists/nessus/users/33528 I am conducting full scans (Enabled all plugins in safe mode) using Linux Etch 4.0 machines and Nessus 3 server and client for linux. If I have a mac 09 Dec 2008 10:16:47 -0800 http://www.gossamer-threads.com/lists/nessus/users/33513 I've been getting an error saying that the description on the following NASLs is too long: redhat-RHSA-2008-0972.nasl debian_DSA-1669.nasl sun_java_j 09 Dec 2008 07:19:06 -0800 http://www.gossamer-threads.com/lists/nessus/users/33515 helo all, i am new in nessus and i want to know how change the ouput of plugins in french. I see in the config file nessusd.conf and a see the optio 09 Dec 2008 02:47:55 -0800 http://www.gossamer-threads.com/lists/nessus/users/33510 Hi If I disable the Portscan get I the same result in Warnings and Hols with just the difference that no ports are checkd wich is no plugin for? Greet 08 Dec 2008 12:12:32 -0800 http://www.gossamer-threads.com/lists/nessus/users/33506 Dear All, I can't find a reliable way to use the "Supported SSL Ciphers Suites plugin" against a https:443 webserver http://www.nessus.org/plugins/in 08 Dec 2008 09:57:14 -0800 http://www.gossamer-threads.com/lists/nessus/users/33502 Hi, I tryed to open the the attached file as target source and get this error: Target format is invalid, please check your input I use winXP any 06 Dec 2008 15:28:01 -0800 http://www.gossamer-threads.com/lists/nessus/users/33501 List- Has anyone successfully implemented these scripts with Nessus? I currently have Nessus 3.2.1 on a RH Server and use the command line to execut 06 Dec 2008 08:10:28 -0800 http://www.gossamer-threads.com/lists/nessus/users/33500 I launched a scan on a range and I'm curious as to why this one host seems to be confusing nessus_tcp_scanner. The rest of the hosts in the range fi 05 Dec 2008 10:13:49 -0800 http://www.gossamer-threads.com/lists/nessus/users/33499 Is there a way to run a command from the terminal/command prompt similar to nessusupdate for Mac's? Thanks Simon -- USA Cellphone: +1 409 256 7357 04 Dec 2008 11:44:45 -0800 http://www.gossamer-threads.com/lists/nessus/users/33489 Hi, running version 3.2.0 on 7.10 server from the command line I scan and save the results in nbe file and then convert them to html or xml The plugi 04 Dec 2008 09:12:27 -0800 http://www.gossamer-threads.com/lists/nessus/users/33486 Hello, How use menu "File/Import" [0] in Nessus Client? I need import .nsr o .nbe to NessusClient and File/Import is disable. [0] http://www.ulises 04 Dec 2008 05:20:24 -0800 http://www.gossamer-threads.com/lists/nessus/users/33481 Hi there, i need your help please. My company use Enterasys Network Switches and the NAC (Network Access Gateway) Enterasys developt an agend to 04 Dec 2008 03:23:39 -0800 http://www.gossamer-threads.com/lists/nessus/users/33480 Hello, I would like to know why I am getting this vulnerability "Exchange XEXCH50 Remote Buffer Overflow" on a Windows Server 2003 and an Exchange Ser 03 Dec 2008 18:36:45 -0800 http://www.gossamer-threads.com/lists/nessus/users/33479 hello, is there any existing tools to take a nessus result and then push it in a database ? (or I need to parse the whole nsr file, etc) thanks. 02 Dec 2008 06:29:43 -0800 http://www.gossamer-threads.com/lists/nessus/users/33473 Hi there We just did a vulnerability scan of a new Internet Web farm we have - and I did it by scanning a range of Internet IPs - as that was all the 02 Dec 2008 00:32:25 -0800 http://www.gossamer-threads.com/lists/nessus/users/33469 Hello all, I have a multi homed machine (6 interfaces) and I want to bind the nessus daemon to listen on two of the interfaces, but the "nessusd -a 19 01 Dec 2008 00:28:09 -0800 http://www.gossamer-threads.com/lists/nessus/users/33455 I am planning to deploy Nessus as a tool for scanning a very large network, locating the Windows hosts online, logging into these hosts and retrieving 28 Nov 2008 07:46:25 -0800 http://www.gossamer-threads.com/lists/nessus/users/33452 I'm trying to use Nessus to detect machines that have Skype installed. If I select only the plugins that have the word Skype in the description, it d 27 Nov 2008 15:19:30 -0800 http://www.gossamer-threads.com/lists/nessus/users/33450 Hello and please forgive the simplicity of the question however this is where Nessus support asked me to turn to so here we go. We have a product cal 27 Nov 2008 13:43:23 -0800 http://www.gossamer-threads.com/lists/nessus/users/33456 Hola Getting backtraces from time to time, using Gentoo linux x86. 14:58:09 root@hayate:/opt/nessus/sbin # ./nessusd nessusd (Nessus) 3.2.1. for Lin 27 Nov 2008 05:02:56 -0800 http://www.gossamer-threads.com/lists/nessus/users/33448 Hello, I use Nessus 3.0.6.1 at winXP PRO SP2. What is the recommend Max number of packets per second for a port scanMax number of packets per secon 27 Nov 2008 00:37:48 -0800 http://www.gossamer-threads.com/lists/nessus/users/33447 Hi everyone, new to the list but have been a user of nessus for quite some time. Recently did some rather large scans and my clients would like to ha 26 Nov 2008 12:26:13 -0800 http://www.gossamer-threads.com/lists/nessus/users/33445 Hello, I am having a question concerning port scan range... How can I define that I want to scan this port with UDP and not TCP ? Actually, by 25 Nov 2008 07:48:56 -0800 http://www.gossamer-threads.com/lists/nessus/users/33443 HI All, I use Nessus 3.0.6 and after updating the vulnerabilities yesturday I no longer have the ability to edit profile preferences. When I go in to 25 Nov 2008 03:52:57 -0800 http://www.gossamer-threads.com/lists/nessus/users/33441 Hello, I scanned an LDAP server and got : Port commplex-main (5000/tcp) Obsolete Web Server Detection Synopsis : The remote web server is o 19 Nov 2008 05:06:38 -0800 http://www.gossamer-threads.com/lists/nessus/users/33435 Hello All, I'm looking for any information regarding "Filer panic" when running NESSUS on DataONTAP. The description that I got from another en 18 Nov 2008 09:16:55 -0800 http://www.gossamer-threads.com/lists/nessus/users/33433 Hello, In SC3: How can I know which ports is scanned if my policy use the 'default' Port Scan Range ? Is there a file that lists every ports used 18 Nov 2008 06:16:31 -0800 http://www.gossamer-threads.com/lists/nessus/users/33431 Hi there I just came across a couple of servers on our network where the SysAdmins hadn't changed the default password. It occurred to me that relyin 17 Nov 2008 20:40:44 -0800 http://www.gossamer-threads.com/lists/nessus/users/33429 Can someone from Tenable update the following plug-in to use the standard report format "Plugin Output:" header ? Currently, the plug-in output is ju 17 Nov 2008 12:01:12 -0800 http://www.gossamer-threads.com/lists/nessus/users/33425 Classification: UNCLASSIFIED Caveats: NONE This might be a totally 'duh' Q&A, but I want to make sure I'm doing this right. I've been mucking aro 17 Nov 2008 08:40:02 -0800 http://www.gossamer-threads.com/lists/nessus/users/33424