On Sat, 12 May 2007 03:26:28 +0000 "Asterisks *" <[EMAIL PROTECTED]> wrote:
> Is it necessary to activate all the port scanners?

Not all of them. But at least one of them, e.g. SYN scan or TCP scan.

> If 1 port scanner can do the job then why do we need so
> many in the family?

SNMP and netstat can do the job very quickly and safely, but they need credentials on the target, so they may fail. If they succeed, they will return the full list of open ports, as if you scanned 1-65535. If you wanted to restrict your range (e.g. only test your web servers on 80 & 443), then you must disable them.

TCP scan is quick but more resource greedy than SYN scan. It can go mad and slow down considerably in some pathological cases. SYN scan is slower but its behaviour is more consistent.

Calling external programs (Nmap or Amap) is very expensive (especially Nmap which needs kazillions of memory). Nmap can be horribly slow in pathological cases (TCP scan performs much better); IMHO, there is no need now for it, that's why the wrapper (nmap.nasl) was removed from the plugin feed.

Amap is not a very efficient port scanner, but it has a very good service recognition feature. It is rather intrusive, unfortunately.

If you really want to try one of those, it is better to run them beforehand, save the result to a file, and then import the file into Nessus. However, unless you have very specific needs, you'd better play with the internal scanners.

In short:
- unless you want a restricted port range, enable SNMP and netstat.

Then choose one of the two "active" scanners:
- if you do not have a crazy IPS or a psychotic firewall, or an awfully slow or fragile network, use TCP scan. Otherwise, use SYN scan.

If you are afraid of missing an open port, enable both, but this will be slow.
