On Sun, 13 Jan 2002, Renaud Deraison wrote:

|On Sun, Jan 13, 2002 at 04:36:35PM -0500, Klun, Jim wrote:
|> We have a fellow here working on exactly this.
|> he plans on taking the nmap output, finding the open ports, and grepping the
|> nasl's
|> to build a list of nessus probes to use based on ports.
|>
|
|Errr, this is all implemented in Nessus 1.1.x :
|
|- you can "upload" nmap's results to nessusd
|- you can declare to nessusd that unscanned ports are considered as
|  being closed, so no futile attempt is made, and the scan goes
|  faster
|
|                               -- Renaud

The caveat is that you might not catch a service running on a non-standard port, especially if you see "common" ports open. Generic nmap does not attempt to identify the services running on the port (though there are patches that will attempt to do so). In some organizations, a few holes are poked in the firewall/ACLs (say for ports 21/tcp and 80/tcp) and the services are simply disabled on the hosts that don't need them. It's highly possible for a sneaky employee or a rogue intruder to realize that this hole exists and for them to plop their own service on that port. If you specifically disable the checks you think you don't need, you may not get a full assessment of what is truly running on that port.

.nhoJ
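
An added illustration of the caveat in this message (not part of the original thread, and not Nessus or nmap code): it compares the service name a port-number lookup assigns to each open port with what the port's first response bytes look like, and reports disagreements. The scan line (nmap grepable format), the captured banners and the small signature list are constructed sample data.

```python
import re

# Constructed sample: one host line in nmap's grepable (-oG) output format.
NMAP_GREPABLE = (
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, "
    "80/open/tcp//http///, 8080/closed/tcp//http-proxy///"
)

# Constructed sample: first response bytes captured from each open port.
BANNERS = {
    21: b"SSH-2.0-OpenSSH_3.0.2p1\r\n",            # not FTP, despite the port
    80: b"HTTP/1.0 200 OK\r\nServer: Apache\r\n",
}

# Small illustrative signature list (an assumption, far from complete).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("ftp", re.compile(rb"^220[ -].*ftp", re.I)),
    ("smtp", re.compile(rb"^220[ -].*smtp", re.I)),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}")),
]


def parse_open_ports(line):
    """Return {port: service name guessed from the port number} for open ports."""
    ports = {}
    port_field = line.split("Ports: ", 1)[1].split("\t")[0]
    for entry in port_field.split(","):
        parts = entry.strip().split("/")
        if parts[1] == "open":
            ports[int(parts[0])] = parts[4]
    return ports


def identify(banner):
    """Return the protocol a banner looks like, or None if nothing matches."""
    for name, pattern in SIGNATURES:
        if pattern.search(banner):
            return name
    return None


def audit(scan_line, banners):
    """List (port, assumed, observed) where the port-based guess is not confirmed."""
    findings = []
    for port, assumed in parse_open_ports(scan_line).items():
        observed = identify(banners.get(port, b"")) or "unknown"
        if observed != assumed:
            findings.append((port, assumed, observed))
    return findings


if __name__ == "__main__":
    for port, assumed, observed in audit(NMAP_GREPABLE, BANNERS):
        print(f"{port}/tcp: port table says {assumed}, banner looks like {observed}")
```

A port flagged here is one where checks chosen purely by port number would test for the wrong service.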
