Thanks for the reply! One thing I've come to think about: My ISP has suffered many DDoS-attacks, I have no idea why. However, could it be that they have installed a firewall on the router that makes this go so slow?
On Friday 14 November 2003 20:27, Brent Miller wrote: > Kjetil Kjernsmo wrote: > > However, the initial portscan takes an extremely long time... > > Actually, I haven't seen it finish, because I had to turn my > > computer off at night... :-) But something like 10 hours, it seems > > like it would need to do a portscan... WTF? There's is a progress > > bar, it moves this slow. > > One thing to consider is that the progress bar for a nmap scan is > bogus--it doesn't actually relate to the actuall progress of nmap. > Nmap could have frozen, etc. OK.... > > It is just a normal portscan using nmap, that's what nessus starts > > with, isn't it...? Something that usually would take like, 6 > > minutes... > > > > Looking at the network load of the server, the first 6 minutes or > > so of the process, it is high, but the after that, there seems to > > be no abnormal traffic. > > Do you have udp scanning turned on? Nope. > > However, if that's not the case, I have run into this before on a > couple of machines using only the nmap SYN scan. I find that if I run > nmap against these machines outside of nessus, nmap spits out a ton > of messages about timing problems and other debugging stuff. What I > do is run nmap on *those* machines so that they're scanning > themselves and turn on nmap file logging (-oN scan_results.txt.) I > then copy that file to the computer that I'm running the nessus > client on. Then all you have to do is tell the nessus client to read > the scan results from that file (Under nmap preferences.) OK, that sounds like a neat solution! I tried that, and got a file that looks like this: # nmap 3.48 scan initiated Fri Nov 14 21:03:01 2003 as: nmap -oN scan_results.txt pooh Interesting ports on pooh.kjernsmo.net (217.77.32.186): (The 1652 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE 4/tcp open unknown 22/tcp open ssh 25/tcp open smtp 80/tcp open http 110/tcp open pop-3 # Nmap run completed at Fri Nov 14 21:04:54 2003 -- 1 IP address (1 host up) scanned in 113.128 seconds So, I entered the filename into "File containing nmap's results", but at first sight, it just starts another slow scan, ps says root 1978 0.0 0.7 5548 3872 ? SN 21:51 0:00 nessusd: testing pooh.kjernsmo.net (/usr/lib/nessus/plugins/ nmap_tcp_connect.nes) Do I have to toggle some of the other options? Timing policy option? I've tried to set it to custom and normal, but then, it should be largely irrelevant....? > Also, if > you're not concerned about rpc, udp, and os fingerprinting, just turn > off the nmap scan and use nessus's built-in SYN and tcp connect() > scans which can be faster. OK! How do I turn off the nmap scan? Best, Kjetil -- Kjetil Kjernsmo Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
