On Jun 7, 2007, at 2:50 AM, jason stallings wrote:

Is there a way to give a port range for each target in the external targets file...
is there a way at all?

No, you'd need to do a different scan for each target.

However, with the Nessus 3.1.x beta, what you can do is to define rules to forbid some ports for some targets -- that is, you end up sharing the same global port range but deny some ports to some hosts.

For instance, you could set the port range to 1-65535 and then poke some holes in that for every host in nessusd.rules:


# Forbid connecting on ports >= 1024 for the 192.168.2.0/24 subnet
reject 192.168.2.0/24:1024-65535

# Forbid connecting on port 80 on your router
reject 192.168.2.1:80

# Always reject connecting on port 9100
reject 0.0.0.0/0:9100


etc...

Note that if you modify nessusd.rules, you'll need to restart nessusd for the changes to take effect.



                                -- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
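
The "poke holes" approach described in the reply above can be generated rather than written by hand. The following is an added example, not part of the original message and not Tenable's code: given the ports you want scanned per target, it computes the complement inside the shared global range and prints reject lines in the syntax shown in the message. The host list, the function names and the 10.0.0.5 entry are constructed for illustration; how these lines interact with other rules already in nessusd.rules is not modelled.

```python
# Added example: derive nessusd.rules "reject" lines from per-target allowed ports.
# Rule syntax (reject <host-or-subnet>:<port> / <lo>-<hi>) is taken from the message above.

GLOBAL_RANGE = (1, 65535)  # the single port range shared by the whole scan


def complement(allowed, lo=GLOBAL_RANGE[0], hi=GLOBAL_RANGE[1]):
    """Return the port ranges inside [lo, hi] that are NOT covered by `allowed`."""
    gaps, cursor = [], lo
    for start, end in sorted(allowed):
        start, end = max(start, lo), min(end, hi)  # clamp to the global range
        if start > end:
            continue  # range lies entirely outside the global range
        if start > cursor:
            gaps.append((cursor, start - 1))  # hole before this allowed range
        cursor = max(cursor, end + 1)  # overlapping ranges never move backwards
    if cursor <= hi:
        gaps.append((cursor, hi))  # everything after the last allowed range
    return gaps


def reject_rules(targets):
    """Build one reject line per forbidden range for every target."""
    lines = []
    for host, allowed in targets.items():
        for start, end in complement(allowed):
            ports = str(start) if start == end else f"{start}-{end}"
            lines.append(f"reject {host}:{ports}")
    return lines


# Constructed sample input: target -> port ranges that SHOULD be scanned.
TARGETS = {
    "192.168.2.0/24": [(1, 1023)],
    "192.168.2.1": [(1, 79), (81, 1023)],
    "10.0.0.5": [(22, 22), (80, 443), (400, 8080)],  # overlapping ranges on purpose
}

if __name__ == "__main__":
    print("# generated: forbidden ports per target within 1-65535")
    print("\n".join(reject_rules(TARGETS)))
```

Review the generated lines before adding them to nessusd.rules, and restart nessusd afterwards as the message says.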
