Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users

Scanning policy

 

 

Nessus users RSS feed   Index | Next | Previous | View Threaded


nexact at gmail

Nov 12, 2008, 12:32 PM

Post #1 of 2 (817 views)
Permalink
Scanning policy

Hello,

We have some machine that is running a database on a non-common port,
however, we are scanning with common port policy.
I would like to know, is there a kind of ways that could allow Nessus to
detect these non-common port ?

My other option is to run an all port scan that will reach database on
non-common port but... how will Nessus handle that ?
Nessus will do a fingerprint on the service and then scan it for known
vulnerability or it will skip it ?

Thanks for your answer !


theall at tenablesecurity

Nov 12, 2008, 7:55 PM

Post #2 of 2 (728 views)
Permalink
Re: Scanning policy [In reply to]

On Nov 12, 2008, at 3:32 PM, nexact wrote:

> We have some machine that is running a database on a non-common
> port, however, we are scanning with common port policy.
> I would like to know, is there a kind of ways that could allow
> Nessus to detect these non-common port ?

The answer depends to some extent on how the database service reacts
and how you're configuring your scan. [.Not to mention of course the
port range that you specify.]

On the one hand, Nessus has a couple of general service detection
plugins. They work by looking for spontaneous banners or by sending
something relatively harmless like an HTTP GET or 'HELP' to the port
and reading a response. If a service responds to one of these probes,
we can often identify the service without taking the actual port
number into consideration. MySQL and to some extent PostgreSQL work
like this.

On the other, we have some plugins that try to detect specific
applications, including database services like Oracle, DB2, MSSQL, and
Firebird. They work by sending packets that try to do something like
simulate a login and then make sure the response looks "ok". These
plugins are generally coded such that they look for a service only on
its well-known port(s) by default, although they will also check on
any open port with an unidentified service if the 'Thorough tests'
option is enabled. Note that enabling 'Thorough tests' entails some
risk, though, since some services react poorly when they are sent data
that appear to them to be malformed.

> My other option is to run an all port scan that will reach database
> on non-common port but... how will Nessus handle that ?
> Nessus will do a fingerprint on the service and then scan it for
> known vulnerability or it will skip it ?


Are you able to do a credentialed scan? That would likely be the
safest and most reliable.

Otherwise, if Nessus identifies the service, it should run the
associated plugins against that service regardless of which port its on.

George
--
theall [at] tenablesecurity



_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

Nessus users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.