
Mailing List Archive: Nessus: users

Nessus for port scanning --

 

 



Mike.Vasquez at cityofmesa

Sep 26, 2008, 8:34 AM

Post #1 of 6 (1960 views)
Nessus for port scanning --

I'm looking at using Nessus for some general port scanning, so that I can
have all results consolidated in Security Center. I really want to limit
scanning to a port or 2, and limit the hosts to just a handful at a time,
to limit network traffic during the scan.

My initial testing seemed to indicate that it was taking about a minute
and a half per IP. That was much longer than I expected. I was checking
for 2 open ports, 2 IPs at a time, no plugins running, all on a LAN, SYN
scan.

Wondering if it's a case of using the wrong tool, or if there are
additional settings/tweaks I should consider. Any input appreciated.

Thanks,
Mike


rgula at tenablesecurity

Sep 29, 2008, 5:48 AM

Post #2 of 6 (1840 views)
Re: Nessus for port scanning -- [In reply to]

Mike.Vasquez [at] cityofmesa wrote:
> I'm looking at using Nessus for some general port scanning, so that I can
> have all results consolidated in Security Center. I really want to limit
> scanning to a port or 2, and limit the hosts to just a handful at a time,
> to limit network traffic during the scan.
>
> My initial testing seemed to indicate that it was taking about a minute
> and a half per IP. That was much longer than I expected. I was checking
> for 2 open ports, 2 IPs at a time, no plugins running, all on a LAN, SYN
> scan.
>
> Wondering if it's a case of using the wrong tool, or if there are
> additional settings/tweaks I should consider. Any input appreciated.
>

Hi Mike,

Were you performing the test under SC3 or under a Nessus Client?

If you limited the scanned ports to just two ports, the scan should not
have taken that long. I'm curious if you had any other plugins enabled
such as service fingerprinting.

Ron Gula
_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus


Mike.Vasquez at cityofmesa

Sep 29, 2008, 7:32 AM

Post #3 of 6 (1829 views)
Re: Nessus for port scanning -- [In reply to]

The scan was created/launched in SC3, and all plugins were disabled,
including service checking.








rgula at tenablesecurity

Sep 29, 2008, 7:42 AM

Post #4 of 6 (1825 views)
Re: Nessus for port scanning -- [In reply to]

Hi Mike,

How did you determine that the scans took 1 to 1.5 minutes per host?

What did the Security Center report as the time it took for your total
scan time? This scan time considers the total number of IP addresses
and not the actual hosts that were scanned. In other words, if Nessus
is spending time trying to ping hosts that aren't there, this will
cause your scan to take a bit longer.

You could also extract the .nessus file from your SC3 scan and try
this in the Nessus Client to see if there is any difference.

Ron




p.remek1 at googlemail

Sep 30, 2008, 6:24 AM

Post #5 of 6 (1844 views)
Re: Nessus for port scanning -- [In reply to]

Hi,

As I am curious too I will add my findings. I have set up Nessus to scan
a single IP address for a single port (23), with all plugins and all other
stuff turned off.
Even with this minimal setting I can see a lot of data going out to the scan
target.
I have captured about 130-150 packets going to and from various ports
(ftp, http, etc.)

The scan takes 35 seconds to complete, target box is on LAN.

Thanks,
P



mikhail at nessus

Sep 30, 2008, 10:33 AM

Post #6 of 6 (1843 views)
Re: Nessus for port scanning -- [In reply to]

On Tuesday 30 September 2008 15:24:19 P. Remek wrote:

> Even with this minimal setting I can see a lot of data going out to the scan
> target.
> I have captured about 130-150 packets going to and from various ports
> (ftp, http, etc.)

If you set "consider unscanned ports as closed", then the TCP activity
probably comes from the TCP ping (ping_host.nasl).
And UDP services are always scanned.