Nessus on Class B (was Re: [unisog] echo and chargen [Nessus])

Mike Johnson mike at enoch.org
Wed Jan 22 17:28:54 GMT 2003


Jeff Bollinger wrote:
 
> Speaking of Nessus, does anyone on the list have problems with Nessus
> choking on a Class 'B'?  We're running version 1.2.1 and if we enable
> only one check and try to do a whole class B, it chokes somewhere near
> the middle.  Alot of times we'll also get something like "sendto buffer
> full" when we run large probes with Nessus or scans with Nmap.  We've
> started breaking our probes down to Class C's but as you can imagine,
> that takes forever!  Any ideas?  I was looking through some Nessus
> mailing list archives who suggest to run Nessus with the "-n" flag to
> disable pixmaps, but that didn't seem to help...


I'd be surprised if anyone has managed to get Nessus to scan a full
class B.  I haven't seen any successful reports of this on the Nessus
mailing list.  

You're going to need to split up the scan.  You can try and speed it up
by increasing the number of threads for nessusd (fifty would probably be
a good start).  You might also make sure and use the internal nmap (so
it doesn't have to fork each time) and limit the ports that are tested
further than what it's set to stock.

Also, are you using the GUI to initiate the scan, or just view the
results?  You might want to just use the command line client.  That'll
make it easy to schedule the scans, as well is be less likely to choke
as it tries to display the results.

In the end, even if Nessus could scan an entire class B in one fell
swoop, it would still take a long time.  By splitting your scan ahead of
time, it might actually take less time.

Mike
-- 
"If life hands you lemons, YOU BLOW THOSE LEMONS TO BITS WITH 
 YOUR LASER CANNONS!" -- Brak

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc



More information about the unisog mailing list