Nessus 2.2.0 - Hanging on down hosts

Sawall, Christopher L CSawall at ameren.com
Wed Nov 10 11:32:56 EST 2004


> On Tue, Nov 09, 2004 at 08:40:51PM -0600, Sawall, Christopher L wrote:
> 
> > Has anyone had a problem with 2.2.0 hanging when trying to scan a host
> > that was down?
> 
> Works fine for me.
> 
> > If I purposely put just one host as the target that does
> > not exist, it takes about 56 minutes for the tests to fail and Nessus
> > to return to a state that I can move around.
> 
> What sort of port scanner(s) are you using? Are you scanning UDP ports,
> by any chance?

tcp connect() scan
Ping the remote host
exclude toplevel domain wildcard host

See the end of this email for some of the .nessusrc file.

> 
> > If I have a list of hosts and
> > have a host in the middle that is down, Nessus hangs when it gets to
> > that host.  Also, once it finally fails against the downed host, it
> > aborts the rest of the scans, saves what it has and quits.
> 
> You mean it doesn't scan the remaining hosts at all? What do you have 
> for max_hosts?

max_hosts = 20

> 
> Mind sending snippets of the nessusd logs around the time this happens?
> 

Log details from nessusd.messages (I purposely scanned a hostname that
does not exist):

[Wed Nov 10 08:33:07 2004][2289] connection from 127.0.0.1
[Wed Nov 10 08:33:07 2004][21969] Client requested protocol version 12.
[Wed Nov 10 08:33:08 2004][21969] successful login of amerenscan from 127.0.0.1
[Wed Nov 10 08:33:30 2004][21969] Redirecting debugging output to /usr/local/var/nessus/logs/nessusd.dump
[Wed Nov 10 08:33:55 2004][21969] user amerenscan : session will be saved as /usr/local/var/nessus/users/amerenscan/sessions/20041110-083355-index
[Wed Nov 10 08:33:59 2004][21969] user amerenscan starts a new attack. Target(s) : secmon1, with max_hosts = 20 and max_checks = 4

As you can see, the scan started at 8:33.  What the log is not showing
is that at 9:21, I got an error. The title was just "error" and the
message was "nessus returned an empty report".  I then logged out of the
client and quit the application.

Log info from nessusd.dump (just tailed the end):

[25315](/usr/local/lib/nessus/plugins/smb_host2sid.nasl) get_array_elem: requesting character after end of string s (141 >= 92)
[25315](/usr/local/lib/nessus/plugins/smb_host2sid.nasl) get_array_elem: requesting character after end of string s (142 >= 92)
[25315](/usr/local/lib/nessus/plugins/smb_host2sid.nasl) get_array_elem: requesting character after end of string s (143 >= 92)
[25813] plug_set_key:internal_send(4)['3 ConnectTimeout/TCP/381=1;']: Broken pipe

Concerning the dump log above, there are a ton of the smb_host2sid.nasl
entries.  It would be nice if there was a time entry to correlate the
entries.

trusted_ca = /usr/local/com/nessus/CA/cacert.pem
nessusd_host = localhost
nessusd_user = amerenscan
paranoia_level = 1
begin(SCANNER_SET)
 10180 = yes
 10277 = yes
 10278 = yes
 10331 = no
 10335 = yes
 10841 = no
 10336 = no
 10796 = no
 11219 = no
 14259 = no
 14272 = no
 14274 = no
 14663 = no
 11840 = yes
end(SCANNER_SET)

begin(SERVER_PREFS)
 max_hosts = 20
 max_checks = 4
 ssl_version = TLSv1
 log_whole_attack = yes
 cgi_path = /cgi-bin:/scripts
 port_range = default
 optimize_test = yes
 language = english
 checks_read_timeout = 5
 non_simult_ports = 139, 445
 plugins_timeout = 320
 safe_checks = yes
 auto_enable_dependencies = yes
 use_mac_addr = no
 save_knowledge_base = yes
 kb_restore = yes
 only_test_hosts_whose_kb_we_dont_have = no
 only_test_hosts_whose_kb_we_have = no
 kb_dont_replay_scanners = no
 kb_dont_replay_info_gathering = no
 kb_dont_replay_attacks = no
 kb_dont_replay_denials = no
 kb_max_age = 864000
 plugin_upload = no
 plugin_upload_suffixes = .nasl, .inc
 slice_network_addresses = no
 save_session = yes
 save_empty_sessions = no
 host_expansion = ip
 ping_hosts = no
 reverse_lookup = yes
 detached_scan = no
 continuous_scan = no
 unscanned_closed = no
end(SERVER_PREFS)

begin(SERVER_INFO)
 server_info_nessusd_version = 2.2.0
 server_info_libnasl_version = 2.2.0
 server_info_libnessus_version = 2.2.0
 server_info_thread_manager = fork
 server_info_os = Linux
 server_info_os_version = 2.6.8-1.521smp
end(SERVER_INFO)

Thanks for your time and effort in trying to help me.

Chris
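
Added example, not part of the original post and not Nessus project code: a small parser for the begin()/end() section format of the .nessusrc excerpt and for the nessusd.messages scan-start line, so that the enabled scanner plugins and the max_hosts / max_checks values the server actually logged can be compared with the client configuration. The function names are hypothetical, and the sample data is a constructed excerpt of the lines quoted above with the wrapped log line rejoined.

```python
import re
from datetime import datetime

# Constructed sample: lines excerpted from the post, wrapped log line rejoined.
NESSUSRC = """\
nessusd_host = localhost
begin(SCANNER_SET)
 10180 = yes
 10331 = no
 10335 = yes
end(SCANNER_SET)
begin(SERVER_PREFS)
 max_hosts = 20
 max_checks = 4
end(SERVER_PREFS)
"""
LOG = """\
[Wed Nov 10 08:33:07 2004][2289] connection from 127.0.0.1
[Wed Nov 10 08:33:59 2004][21969] user amerenscan starts a new attack. Target(s) : secmon1, with max_hosts = 20 and max_checks = 4
"""

def parse_nessusrc(text):
    """Return {section: {key: value}}; top-level keys go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(begin|end)\((\w+)\)", line)
        if m:
            current = m.group(2) if m.group(1) == "begin" else ""
            sections.setdefault(current, {})
        elif "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

LOG_RE = re.compile(r"\[(.+?)\]\[(\d+)\] (.*)")
ATTACK_RE = re.compile(r"user (\S+) starts a new attack\. Target\(s\) : (.+), "
                       r"with max_hosts = (\d+) and max_checks = (\d+)")

def scan_starts(log):
    """Yield (timestamp, pid, user, targets, max_hosts, max_checks) per scan."""
    for line in log.splitlines():
        m = LOG_RE.match(line)
        a = m and ATTACK_RE.search(m.group(3))
        if a:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            yield ts, int(m.group(2)), a.group(1), a.group(2), int(a.group(3)), int(a.group(4))

def enabled_scanners(cfg):
    """Plugin ids set to 'yes' in SCANNER_SET, sorted."""
    return sorted(k for k, v in cfg.get("SCANNER_SET", {}).items() if v == "yes")
```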

