> Yes, but Nessus will do its test against the initial IP. So yes, this > might become an issue for those who do manual testing at the end of the > check and who will use the resolved name, but it should not affect > Nessus in itself.
I speak from experience. I did a test against a class c block, using the nessus gui. I had selected 'resolve dns before test' One of the ip's reverse resolved to a bad dns name. that bad dns name now fwd resolves to verisign. and I got these in the test results: plugin id 10263 Remote SMTP server banner : 220 snubby1-wceast Snubby Mail Rejector Daemon v1.3 readyr plugin id 11154 An unknown server is running on this port. If you know what it is, please send this banner to the Nessus team: 00: 32 32 30 20 73 6e 75 62 62 79 34 2d 77 63 65 61 220 snubby4-wcea 10: 73 74 20 53 6e 75 62 62 79 20 4d 61 69 6c 20 52 st Snubby Mail R 20: 65 6a 65 63 74 6f 72 20 44 61 65 6d 6f 6e 20 76 ejector Daemon v 30: 31 2e 33 20 72 65 61 64 79 0d 0a 32 35 30 20 4f 1.3 ready..250 O 40: 4b 0d 0a 32 35 30 20 4f 4b 0d 0a K..250 OK.. plugin id 10287 (note 64.94.110.11 is the verisign ip) For your information, here is the traceroute to 64.94.110.11 : 208.233.96.213 157.130.68.217 152.63.84.182 152.63.0.238 152.63.82.193 192.205.32.129 12.123.20.250 12.122.10.69 12.122.11.186 12.123.9.65 12.126.174.110 65.205.32.186 65.205.32.58 64.94.110.11 -- Michael Scheidell, CEO SECNAP Network Security, LLC Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/
