
Accurate Nessus Results


venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu May 10, 2007 2:11 pm

Accurate Nessus Results

I'm using Nessus 3 on Windows XP and I have a class C range to scan. I've run the scan with all (safe) plug-ins enabled. I have gotten different results every scan with various warnings and holes showing up and not showing up. Is there a way to be more accurate with Nessus (short of using another scanner)?

oleDB

Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Fri May 11, 2007 2:23 pm

Re: Accurate Nessus Results

Are all the addresses static? If not, and it's DHCP, that may account for the inconsistent results. What exactly is the Class C network that you're scanning?

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri May 11, 2007 2:58 pm

Re: Accurate Nessus Results

Yes, all the addresses are static. I'm not scanning an internal network, I'm scanning the external IP range for our company. I'm thinking it could be something with the firewall since all the traffic is going through it.

oleDB

Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Fri May 11, 2007 3:10 pm

Re: Accurate Nessus Results

How is the NATing done? Mapped one-to-one or via a NAT pool?

Also, load balancers like F5s can mangle results. Also, some firewalls will answer for servers even if the server isn't listening on that port.

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon May 14, 2007 8:15 am

Re: Accurate Nessus Results

Yes, the NATing is done one-to-one. We do have a load balancer, but I'm not 100% sure where it sits in the architecture. I think I'm probably running into the issue with the firewall answering for servers that aren't really listening as you've mentioned. I'll check into each of those. Thanks for the ideas.
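
One way to narrow down where the run-to-run differences discussed in this thread come from, as an added example that is not part of the original posts: diff several exports of the same scan and group the findings that come and go by host and port. It assumes the results were saved in a pipe-delimited NBE-style layout (`results|subnet|host|port|plugin_id|severity|description`); the sample rows, addresses and plugin IDs are constructed.

```python
from collections import defaultdict

# Constructed sample: three runs of one scan in an NBE-style pipe-delimited
# layout (results|subnet|host|port|plugin_id|severity|description).
# Addresses are documentation-range placeholders; plugin IDs are made up.
RUNS = [
    "results|203.0.113|203.0.113.10|http (80/tcp)|90001|Security Warning|a\n"
    "results|203.0.113|203.0.113.10|https (443/tcp)|90002|Security Hole|b\n"
    "results|203.0.113|203.0.113.20|smtp (25/tcp)|90003|Security Warning|c\n",
    "results|203.0.113|203.0.113.10|http (80/tcp)|90001|Security Warning|a\n"
    "results|203.0.113|203.0.113.20|smtp (25/tcp)|90003|Security Warning|c\n"
    "results|203.0.113|203.0.113.20|smtp (25/tcp)|90004|Security Note|d\n",
    "timestamps|||scan_start|constructed|\n"
    "results|203.0.113|203.0.113.10|http (80/tcp)|90001|Security Warning|a\n"
    "results|203.0.113|203.0.113.10|https (443/tcp)|90002|Security Hole|b\n"
    "results|203.0.113|203.0.113.30|ssh (22/tcp)\n",
]

def parse_nbe(text):
    """Return the set of (host, port, plugin_id) findings in one export."""
    findings = set()
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skip timestamp rows and open-port-only rows (fewer than 6 fields).
        if len(fields) >= 6 and fields[0] == "results":
            findings.add((fields[2], fields[3], fields[4]))
    return findings

def stability(runs):
    """Split findings into those seen in every run and those that flap."""
    seen = defaultdict(int)
    for text in runs:
        for finding in parse_nbe(text):
            seen[finding] += 1
    stable = {f for f, n in seen.items() if n == len(runs)}
    flaky = {f: n for f, n in seen.items() if n < len(runs)}
    return stable, flaky

def flaky_by_service(runs):
    """Count flapping findings per (host, port) to show where to look first."""
    counts = defaultdict(int)
    for host, port, _plugin in stability(runs)[1]:
        counts[(host, port)] += 1
    return dict(counts)

if __name__ == "__main__":
    for (host, port), n in sorted(flaky_by_service(RUNS).items()):
        print(f"{host} {port}: {n} finding(s) not present in every run")
```

Services where most findings flap are the ones to check against the firewall and load balancer configuration; findings present in every run can be treated as stable.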
