OK, this turns out not to be a problem with nessus at all. It looks to me like a bug in the BIOS on the machine that I'm running 1.2.6 on! It has power management enabled but it seems to put the machine into slow-as-molasses mode if no-one presses a key on the keyboard or moves the mouse - this despite the machine running at 100% cpu and the hard disk churning away like there's no tomorrow.
If I disable APM completely then the 1.2.6 run works with nearly exactly the same results as 1.0.10 on a different machine (an almost identical machine differing only in the amount of RAM installed). Being Compaq machines they have very little customisation options regarding APM. Turning it off is the only solution. I'm now down to only the one netbios difference between 1.0.10 and 1.2.6 and that is that plugin smb_accessible_shares.nasl returns no results on 1.2.6. It runs with no errors but doesn't produce any results. I've tried substituting the 1.0.10 version of the plugin on the 1.2.6 system but it makes no difference. I'll do some more work on why and how this fails and raise a bug report later. -----Original Message----- From: Hemsley, Trevor Sent: 11 December 2002 14:01 To: [EMAIL PROTECTED] Subject: Still weird SMB results on 1.2.6 To report back on my findings so far... Hugo asked if I had checked which release, 1.0.10 vs 1.2.6, was more accurate for the SMB results and the answer is that 1.0.10 is much much more accurate. Renaud asked me to try a couple of things. First one, set non_simult_ports_list to 139,445 instead of just 139. This improves things somewhat, the number of hosts found for plugin 10150 (Netbios names) goes up from 15 to 30 vs the 62 found on nessus 1.0.10. The next thing I tried was to set max_hosts=40 (up from the default of 30) and max_checks=1 (down from 10). This gets me back to pretty much where I was in 1.0.10, today's scan of the same subnet with 1.2.6 found 65 hosts responding to plugin 10150 (about the same as 1.0.10). I don't know if this improves things because of the non-parallel checking of vulnerabilities on the same host or just because my machine is much more responsive. Using the default settings for max_hosts and max_checks gives me a load average on "top" of around 49! With it set to 40/1 it drops to around 20. Looking in nessusd.messages in the runs that fail to find netbios enabled machines shows lots of "smb_login.nasl (pid x) is slow to finish - killing it". I'll do some more experimentation with this and find out. I don't get any results from plugin 10396 (SMB shares access) in 1.2.6 whatever the settings in use. 10395 works and enumerates the shares but 10396 doesn't access them any more. I'll check into this one a bit more too. Trevor Hemsley, Security Specialist, Atos Origin Ltd, Whyteleafe, +44-(0)1883-628139 [This e-mail is privileged and may contain confidential information intended only for the person(s) named above. If you receive this e-mail in error, please notify the addressee immediately by telephone or return e-mail. Although the sender endeavours to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.] - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body. - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
