To help understand the problem, I have a sample nessus config files and output available for anyone who has some time to look at the problem... but before getting to the data, here are the symptoms:
1. I get duplicate (2) "host_start" timestamp messages in the output
2. I get duplicate (2) "host_stop" timestamp messages in the output
3. There are duplicate "open port" messages. The number of duplicates is not fixed. I cannot seen an obvious reason for the variable number of duplicate entries. Possibly duplciated due to the number of different port scanners that try and hit the same port. Possibly a duplicate per different scanner.
4. There are duplicate plugin "hits". Ie: The same plugin appears multiple times in the report. Possibly duplicated the same number of times that the port required was detected. I have not checked in detail.
5. Having checked the nessusd.messages log file, the same scan options are executed twice. The number of times a plugin is executed appears to match the number of duplicate entries in the output when a vulnerability is detected.
nessusd.messages:[Mon Nov 15 01:04:44 2004][485] user inprotect : launching proftpd_user_enum.nasl against 1.1.1.1 [897]
nessusd.messages:[Mon Nov 15 01:04:44 2004][485] proftpd_user_enum.nasl (process 897) finished its job in 0.171 seconds
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] user inprotect : launching proftpd_user_enum.nasl against 1.1.1.1 [945]
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] proftpd_user_enum.nasl (process 945) finished its job in 0.079 seconds
The command that was executed is listed below:
nessus -qx 127.0.0.1 1241 user pass target_s459 nessus_s459.out -V -T nbe -c nessus_s459.cfg
All data including log information, nessusrc file, and output data is available for analysis at
http://inprotect-devel.ana.no1.com.au/nessusdata/ _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
