TJ,

The VPN device may not be able to keep up with the number of packets you are hurling over the VPN during a port scan of more than one host at a time. This is dependent upon the encryption algorithm (for example, 3DES is more taxing than AES) and the CPU in your VPN device, and the speed of the scan and/or network.

For reference, I once tried a scan over a 3DES IPSec VPN, 3Mbps Internet connection, 10 hosts at a time, with an older model WatchGuard FireBox, and it DoS'd the VPN firewall. The admin rebooted it after it was unresponsive for only 2 minutes. Who knows if it would have recovered. Ahhh, mistakes, we learn from them.

From then on, for locations that need to be scanned that I will not be visiting personally, which may suffer the same fate as the one above, I ship a small PC (a Shuttle) or a 14" deep 1U system with Nessus installed on it. I ssh into the box over the VPN and do the scan. A nice touch is to ship a return shipping label inside the box you ship the system to the customer in... or you risk a delayed return of your hardware. The remote location may not have its own shipping facilities.

Mike

At 03:39 PM 1/11/2005 -0500, Firewall Administrator wrote:
Greetings!

I would like to know whether members of this list have any thoughts about whether one could run successful Nessus scans over a VPN link. I have read various concerns about running Nessus scans through a firewall, but haven't seen anything about doing it through a VPN.

What would the potential problems be? Network latency causing false positives (or false negatives)? Any thoughts from anyone who has tried this?

Thanks in advance,

TJ

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

************************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Hosting
http://www.m5hosting.com

You can have your own custom Dedicated Server up and running today !
OpenBSD, Fedora, RHEL, Debian, FreeBSD, and more
************************************************************
