Or maybe I should say kind of solved .. ;) I noticed that if I run the same scan, outside of my SonicWALL Pro rather than inside of it, the dead hosts no longer get dragged in with the live ones for port scanning and attacks.
If I run the scan within my SonicWALL Pro, the dead ip's are bypassed appropriately *until* I get to a live one, at which point all dead IP's on the screen at that time get port scanned and attacked. This happens with the NMAP option off and also on. I hope this might help others if they run into the behavior .. Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark G. Spencer Sent: Wednesday, July 16, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: Problem with pinging hosts in a batch .. I notice with Nessus 2.0.7 on Red Hat 9 that if I target individual IP's on my network that I know are dead, within a couple seconds Nessus drops to the report screen with no portscan or attacks run against that single IP. This is good. The only option I have modified from a default install is to "Ping" the host under preferences. Now, when I sweep a series of IP addresses (e.g. 192.168.1.0/24) the first ten or so dead IP's will flash out of the "scanning network" view as they should. Once I hit one IP that is alive however, all the IP's that are currently on the "scanning network" view at that time are now portscanned and attacked, even though they are dead! Any idea what is causing this? To summarize .. As I sweep through a series of IP addresses on my network, any IP's that happen to be on the "scanning network" view along with an IP address that is alive, they are all portscanned and attacked. I am running NMAP 3.30. Thanks for the help, Mark
