Nessus synscan.nes kernel 2.6.6 performance issue

[Confused Scanner]

Hello,

I am experiencing a peculiarity with nessus (2.0.7,
2.0.10, 2.0.12) on debian testing.

I was using custom kernel 2.6.6 (on a Mobile P4 1.6
Mhz 1GB RAM) to scan some firewalls and routers, and
noticed that a 65000 port scan took a very long time
(longer than the long time I was expecting).

I noticed that the delay occured during the second
phase of the port scan (while the bar in the GUI hangs
around at 98%). 

I then tried with NMAP and observed the same behaviour
(NMAP seems to have finished, nessus takes over). 

Looking at tcpdump and top it seems that nessus is
sending out a second run of packets to the host being
scanned, and during this part of the scan each host
being scanned took around 65% of the processor!

So 5 hosts and the system slowed to a crawl, comparing
this to a PIII 733 system, that uses kernel 2.4.18 and
Nessus 2.0.7, each process at the same stage of the
Portscan used around 16-17% and could run 10 hosts and
still be reasonably timely.

So did the obvious thing and installed a custom 2.4.26
 
kernel and all was well. Except I don't know why this
should be a problem.

Has anyone else seen anything like this? Any idea what
synscan.nes is doing during the second phase?

Thanks in advance.

Paul


	
	
		
___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun!  http://uk.messenger.yahoo.com