Hi In my experience with similar scanners, the key to running a packet generating scanner from a (VMWARE) VM was to ensure that there was NO PACKET FILTERING firewall on the host NIC if you were using a virtual NIC to run the scan from. In fact a typical scan machine for mid-sized work was a Windows host with a Linux guest - the client being on windows and the scanner being on Linux.
Any firewall on the host NIC will affect the guest OS, reducing the significance of the scan to zero. On the other hand, I found it good practice to place the actual scan engine on a dedicated device in a remote network and access the scan machine remotely via BOTH VPN AND an encrypted client-server connection (SSH, SSL). However you had to be sure the device hosting the scan engine was locked down logically and physically to prevent tampering 2008/5/19 Sam Stern <[EMAIL PROTECTED]>: > Hi Joe, > > > > To be direct it does work, just not well if you make the wrong architectural > choices. To more complete in my answer: > > > > Yes, you can use Nessus to scan or be hosted in any virtual machine you want > assuming the virtual machine has its own bridged ip (in my experience it > does not work if you try to use VMware Nat or vpc Nat). That said, I find > virtual machines tend to drop allot of packets esp. under load and when not > using the virtual machines "extensions". So host Nessus on the host system, > and scan the bridged ip from the host to the VM works the best. I find > scanning the host from the Virtual Machine is less effective. It's also more > effective to have your Virtual machine on its own hard drive – using a > different adapter (or less effectively, a separate channel) from the drive > that holds the host os. > > I find that VMware drops packets less than VPC 2004 (I've not used VPC 2007 > so I can't say if the virtual nic code has gotten better or not). In my > experience, Nessus and virtual machines work the best when your host system > uses a professional grade dual or quad Intel or 3com based nic (AVOID > Adaptec, Broadcom and Realtek based nics they are cheap for a reason) and > assign the virtual machine a different physical port on that nic than the > host uses; then scan over a professional quality switch that is not set to > firewall or filter any traffic (even broadcast traffic). You can also link > the two ports with a crossover cable. Also, you need to completely disable > the XP firewall by stopping the "Firewall and ics" service – otherwise it > will silently drop certain forms of inbound traffic (regardless of your > logging options) – especially broadcast traffic. Lastly, make certain the > virtual machine is hosted fully in memory and is not swapped out to swap > file. > > > > HTH > > > > Sam S. > > > > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of [EMAIL PROTECTED] > Sent: Sunday, May 18, 2008 8:25 AM > To: [email protected] > Subject: Nessus and MS Virtual PC 2007 > > > > Hello, > > > > Nobody has an answer to my question? > > > > -------------- Forwarded Message: -------------- > From: [EMAIL PROTECTED] > To: [email protected] > Subject: Nessus and MS Virtual PC 2007 > Date: Fri, 16 May 2008 14:15:08 +0000 > > Hello, > > > > Can Nessus 3.2 for Windows XP Pro be used on Microsoft Virtual PC 2007? > > > > After installing Nessus and trying to connect through the client I keep > receiving a message that no connection to the server can be made because > the IP and/or the port is incorrect. There is no anti-virus installed and > the firewall is turned off on the virtual machine instance. > > > > All defaults are used during the setup and plugins were updated. > > > > Thanks, > > Joe > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
