You're right... we found that McAfee Desktop Firewall black list the nessus server ip because of a tcp scan detection...
Thank you! Steve 2008/4/8, Rui Chilro <[EMAIL PROTECTED]>: > > Hi there, > > This may seem naive but i had a similar problem and found out that the > linux server built additional rules to the firewall to block my nessus > server. > > Glad if it help! > > > > Cheers > > > > Rui > > > > > ------------------------------ > > *De:* [EMAIL PROTECTED] [mailto: > [EMAIL PROTECTED] *Em nome de *Steve Royer > *Enviada:* terça-feira, 8 de Abril de 2008 15:33 > *Para:* [email protected] > *Assunto:* After a scan... host is considered as dead. > > > > Hello everyone, > > > > Francesco Sottini post a message recently.. I have a similar problem. > > > > Consider a host A (Windows XP) and a nessus server B (installed on Windows > XP). > > > > For the 1st scan of A, everything work correctly... (B ping A and A ping > B) > > > > But subsequently scan of A give me alway the same result "Remote host is > considered as dead..." > > I've force Nessus to disable pinging but the result remain the same... > > > > Within a shell on B, I cannot ping A and within a shell on A I cannot ping > B (100% packet loss). > > > > In fact, on A I can ping every server on my network exept where was coming > the first scan (Nessus server) > > And on B I can ping every workstation that have'nt been scanned. > > > > I'm using Nessus 3.2.0. > > > > This was a scenario where Nessus server is installed on Windows XP. The > same result occur for the new Nessus Server rpm 3.0.6 on redhat. > > > > Thank you > > Steve > > > > > > >* > *>* On Apr 8, 2008, at 1:57 PM, francesco sottini wrote: > *>* > *>* > Dears, > *>* > > *>* > I am doing an university project and the final goal is to scan 4 > *>* > hosts and report all the problems that we meet. > *>* > Well, the 4 hosts are on a private network. to scan them, we have to > *>* > connect with the nessus client to a nessus server and then scan the > *>* > target. > *>* > The problem is that for an host, i obtain always the result:" The > *>* > remote host is considered as dead - not scanning". > *>* > > *>* > I suppose that on that host, declared fromt he professor "an hard > *>* > challenge", there is a kind of IDS or honeypot.. > *>* > > *>* > what can i do? > *>* > *>* You can force Nessus to disable pinging the remote host prior to > *>* scanning. Edit your policy -> advanced -> "Ping the remote host" and > *>* uncheck all the boxes (ICMP ping, TCP ping and ARP ping). > * >
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
