September 24th, 2002, 03:37 PM
Nmap and Nessus
Running Nessus 1.2.5
Running Nmap v3.0
Scanning FW-1 Server
On RH Linux 7.2.
Here's the question. When I run a Nessus scan on ports 1-1024, its comes back as a dead host. Using TCP scan as well. Great! Makes me happy to see that.
I also run an nmap on the same ports, using TCP scan. It returns right away with:
"Host x.x.x.x appear to be up...good"
"All scanned ports are: filtered"
Why would Nessus see the host as dead, when nmap see's the host is up. How do these two differ when it comes to verifying the server is up or down?
Big confusion for me is that Nessus has nmap in it....
September 24th, 2002, 03:58 PM
You have to be careful what options you select with nessus. I don't have it in front of me at the moment, but there are several configurable options for the nmap module. One thing that is possible is that you have a ping option selected and the destination may be stopping it. Another possibility is that you were a little overzealous in selecting your options and the result is that nessus thinks the machine isn't up. Either way, check the options.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
September 24th, 2002, 04:48 PM