Mailing List Archive: Nessus: users

Serializing a port scan

Index | Next | Previous | View Threaded

Christopher.Tidball at qwest

Feb 11, 2009, 4:02 PM

Post #1 of 4 (4579 views)
Permalink

Serializing a port scan

Looking for advice on how to serialize a scan of multiple hosts so that only
one host is scanned at a time. I have edited the policy so that the maximum
hosts per scanner is set to one. Is this all that is required?
Thanks,

Chris Tidball

Attachments:

smime.p7s (3.61 KB)

mikhail at nessus

Feb 12, 2009, 2:12 AM

Post #2 of 4 (4302 views)
Permalink

Re: Serializing a port scan [In reply to]

On Wed, 11 Feb 2009 18:02:48 -0600
"Tidball, Christopher" <Christopher.Tidball [at] qwest> wrote:

> Looking for advice on how to serialize a scan of multiple hosts so
> that only one host is scanned at a time.

There is no way serialize *port scanners* per se.

> I have edited the policy so that the maximum hosts per scanner is set
> to one. Is this all that is required?

Only one host will be scanned at a time, and as Nessus never runs
several portscanners simultaneously against a given host, this will
work.
It will do more than what you want, if I interpreted your question
correctly. If you need to limit the global network load, global limits
might be a solution. Try to edit global.max_simult_tcp_sessions in
nessusd.conf

PS: the mailing list will be shut down soon, you'd rather go to
http://discussions.nessus.org
_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

rgula at tenablesecurity

Feb 12, 2009, 2:27 AM

Post #3 of 4 (4299 views)
Permalink

Re: Serializing a port scan [In reply to]

Tidball, Christopher wrote:
> Looking for advice on how to serialize a scan of multiple hosts so that only
> one host is scanned at a time. I have edited the policy so that the maximum
> hosts per scanner is set to one. Is this all that is required?
> Thanks,
>
> Chris Tidball

This will limit your entire scan to one host at a time.

Typically when someone mentions slowing down a port scan, I suggest
they look at the credentialed port scanning and process enumeration
technique:

http://blog.tenablesecurity.com/2008/09/how-to-perform.html

If you have credentials, this is the fastest way to perform a full
port scan without creating network traffic.

Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

nessus at the-jedi

Feb 12, 2009, 6:09 AM

Post #4 of 4 (4308 views)
Permalink

Re: Serializing a port scan [In reply to]

Ron Gula wrote:

[snip]
> Typically when someone mentions slowing down a port scan, I suggest
> they look at the credentialed port scanning and process enumeration
> technique:
>
> http://blog.tenablesecurity.com/2008/09/how-to-perform.html
>
> If you have credentials, this is the fastest way to perform a full
> port scan without creating network traffic.

The problem with credentialled scans is that its not going to help you
test host-based firewall rules, tcp_wrappers or software ACL's are doing
their job, as netstat will report the ports as open anyway.

I just checked and was quite relieved that Nessus when using netstat
does take notice of the interface you're scanning - i.e. if you have a
service only listen on eth0, Nessus only records it if you're scanning
eth0 and not eth1

P.S. When are we moving to the forum and closing this maillinglist?

--
Simon John
nessus at the-jedi.co.uk

_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads