Well, this would make sense if you were scanning client machines without firewalls or a server that responds on one port then opens up other ports for various communication. If a user were to browse to various websites, they might have a slew of random open ports (they'll probably be relatively incremental if it's the same program). These will change during the session and will close when their session ends. You might just be seeing this.
Steven

> I've noticed when scanning "busy" targets with many active TCP
> connections, that I'll see on some of these hosts, findings that a service
> stopped responding after a prior successful attempt.
>
> In remediation, the port referenced in the report is no longer available,
> checked both on the host, and from different host, attempting to connect
> to that port.
>
> So I'm wondering if Nessus may have found a port open that was being used
> for communication to a 3rd client PC, and the port was closed at the end
> of the session with the 3rd client PC, so Nessus, seeing the port
> disappear, flagged it as a possible DoS, when it was just a normal
> communication channel that ended/closed between the target server and a
> 3rd client.
>
> Make sense? Possible?
>
> Thanks,
> Mike
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
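
A triage sketch for the kind of finding discussed in this thread, added here as an example and not part of the original messages or of Nessus: it re-probes the reported port and checks whether the port number falls in the operating system's default dynamic port range. The finding fields (`host`, `port`, `os`) and all function names are hypothetical, the sample findings are constructed, and the ranges are OS defaults that an administrator may have changed.

```python
import socket

# Default dynamic (ephemeral) TCP port ranges; administrators can change these.
DYNAMIC_RANGES = {
    "iana": (49152, 65535),            # RFC 6335 dynamic/private ports
    "windows": (49152, 65535),         # default since Vista / Server 2008
    "windows-legacy": (1025, 5000),    # XP / Server 2003 default
    "linux": (32768, 60999),           # default net.ipv4.ip_local_port_range
}

def in_dynamic_range(port, os_family="iana"):
    """True if the port lies in the default dynamic range for os_family."""
    low, high = DYNAMIC_RANGES[os_family]
    return low <= port <= high

def tcp_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port succeeds right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def triage(finding, probe=tcp_open):
    """Classify one 'service stopped responding' finding.

    responding       -> port answers again; compare with the scan timeline
    likely-transient -> closed now and in the dynamic range, consistent with
                        a dynamically allocated port that has since closed
    investigate      -> closed now and outside the dynamic range; a fixed
                        service port that stopped answering needs a host check
    """
    if probe(finding["host"], finding["port"]):
        return "responding"
    if in_dynamic_range(finding["port"], finding["os"]):
        return "likely-transient"
    return "investigate"

if __name__ == "__main__":
    # Constructed sample findings (documentation addresses, RFC 5737).
    findings = [
        {"host": "192.0.2.10", "port": 49731, "os": "windows"},
        {"host": "192.0.2.11", "port": 3389, "os": "windows"},
        {"host": "192.0.2.12", "port": 40112, "os": "linux"},
    ]
    for f in findings:
        # Offline stand-in for the probe: treat every port as closed now.
        print(f["host"], f["port"], triage(f, probe=lambda h, p: False))
```

A "likely-transient" result is only a hint: confirm on the host which process owned the port at scan time before closing the finding.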
