At 02:58 PM 9/21/2006, Engstrom, Glenn E (Glenn) wrote:
>Is there a maximum number of targets that can be specified to be
>scanned?
>Does this vary by Nessus version? Is there a maximum for what
>can be specified in NessusWX?
>
>I normally use nessusWX to submit my scans to a server running Nessus.
>Just am curious if there is a max number of IPs. Would that be
>different if subnets using CIDR notation were specified? Or is it just a
>specific number of entries that can be used?
>
>Is a 1,000 too many? What about 100,000?

Hi Glenn,

If you are scanning an entire network, CIDR notation makes your target file smaller and more efficient, but doesn't really have an impact on the Nessus scanning engine. Aside from that though, the Nessus engine will try to scan what you give it.

Your question does make me think of some other points which should be of interest to the list.

We're running into fewer and fewer people using Nessus 2. If you are scanning 100k IPs you will get a significant increase in performance by using Nessus 3. You can read more details about the speed-up here:

http://www.nessus.org/documentation/index.php?doc=nessus3

Tenable has a lot of experience with customers scanning 100k IPs with the Security Center. Some of these customers use multiple Nessus scanners which can reduce the scan time dramatically. Scan time reduction is reduced because there is load balancing and also an opportunity to put scanners closer to their scanned networks.

Lastly, as far as scan configuration, you should likely be performing this scan with safe_checks enabled. This will decrease your scan time. We did a BLOG entry on that topic last week:

http://blog.tenablesecurity.com/2006/09/understanding_t.html

Ron Gula, CTO
Tenable Network Security

_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
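
An added example, not part of the original thread and not Nessus or Security Center code: a way to shrink a long target list into the fewest CIDR blocks and divide it roughly evenly across several scanners. It assumes entries are single IPv4 addresses or CIDR blocks, one per line; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def parse_targets(lines):
    """Parse IPv4 addresses and CIDR blocks; skip blanks and '#' comments."""
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            # strict=False tolerates host bits, e.g. 10.0.0.5/24 -> 10.0.0.0/24
            nets.append(ipaddress.IPv4Network(entry, strict=False))
    return nets

def compact(nets):
    """Merge duplicates, overlaps and adjacent blocks into the fewest CIDRs."""
    return list(ipaddress.collapse_addresses(nets))

def address_count(nets):
    return sum(n.num_addresses for n in nets)

def split_for_scanners(nets, scanners, chunk_prefix=24):
    """Give each scanner a contiguous, roughly equal share of the addresses."""
    chunks = []
    for n in nets:
        if n.prefixlen < chunk_prefix:
            chunks.extend(n.subnets(new_prefix=chunk_prefix))  # cut big blocks
        else:
            chunks.append(n)
    quota = -(-address_count(chunks) // scanners)  # ceiling division
    buckets, loads, i = [[] for _ in range(scanners)], [0] * scanners, 0
    for c in sorted(chunks):
        # Move to the next scanner once this one would exceed its quota.
        if loads[i] and loads[i] + c.num_addresses > quota and i < scanners - 1:
            i += 1
        buckets[i].append(c)
        loads[i] += c.num_addresses
    return [compact(b) for b in buckets]  # re-merge each scanner's share

# Constructed sample: 256 single hosts plus overlapping and adjacent blocks.
SAMPLE = [f"10.1.0.{i}" for i in range(256)] + [
    "10.1.1.0/24", "10.1.1.7", "10.1.2.0/23", "192.168.5.10  # lone host",
]

if __name__ == "__main__":
    merged = compact(parse_targets(SAMPLE))
    print(f"{len(SAMPLE)} entries -> {len(merged)} CIDRs, "
          f"{address_count(merged)} addresses")
    for n, share in enumerate(split_for_scanners(merged, 2), 1):
        print(f"scanner {n}:", ", ".join(map(str, share)))
```

The compacted list covers exactly the same addresses as the input, so it changes the size of the target file and not the amount of scanning work.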
