Andrew Jefferies wrote:
>
> I'm running Nessus version 1.1.14 and have noticed that I don't get the
> same results when scanning targets on a restricted port set.
> Specifically I scanned a host on port 25 only and then I scanned the
> same host on all ports. The first scan didn't pick up any mail
> vulnerabilities while the second picked up 4, including mail relay a
> buffer overflow on port 25.

I'm not sure if it's the same issue, but when I enable the "tcp ping", if the host is not listening on the tcp ping port (80 by default), the plugin declares the host "dead", even if it answers pings and/or has ports open. And of course nessusd does not run any vuln checks on the dead host...

Maybe this is expected, but I found it to be somewhat confusing. I think the host should be flagged as "dead" if it does not do tcp ping AND does not give icmp ping (maybe AND does not have some ports open)...

Please throw in some comments =)

Cristobal

--
Cristobal Soto Y.
ICSA.cl - The e-risk security company - http://www.icsa.cl
