Is this expected output or a bug?
Greg Kuhnert
gregk at no1.com.au
Sun Nov 14 20:21:57 EST 2004
I have been looking at some of the output from Nessus, and I am trying
to understand if the results I am seeing are expected, or the result of
an "undocumented feature".
To help understand the problem, I have a sample nessus config files and
output available for anyone who has some time to look at the problem...
but before getting to the data, here are the symptoms:
1. I get duplicate (2) "host_start" timestamp messages in the output
2. I get duplicate (2) "host_stop" timestamp messages in the output
3. There are duplicate "open port" messages. The number of duplicates is
not fixed. I cannot seen an obvious reason for the variable number of
duplicate entries. Possibly duplciated due to the number of different
port scanners that try and hit the same port. Possibly a duplicate per
different scanner.
4. There are duplicate plugin "hits". Ie: The same plugin appears
multiple times in the report. Possibly duplicated the same number of
times that the port required was detected. I have not checked in detail.
5. Having checked the nessusd.messages log file, the same scan options
are executed twice. The number of times a plugin is executed appears to
match the number of duplicate entries in the output when a vulnerability
is detected.
nessusd.messages:[Mon Nov 15 01:04:44 2004][485] user inprotect :
launching proftpd_user_enum.nasl against 1.1.1.1 [897]
nessusd.messages:[Mon Nov 15 01:04:44 2004][485] proftpd_user_enum.nasl
(process 897) finished its job in 0.171 seconds
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] user inprotect :
launching proftpd_user_enum.nasl against 1.1.1.1 [945]
nessusd.messages:[Mon Nov 15 01:04:44 2004][484] proftpd_user_enum.nasl
(process 945) finished its job in 0.079 seconds
The command that was executed is listed below:
nessus -qx 127.0.0.1 1241 user pass target_s459 nessus_s459.out -V -T
nbe -c nessus_s459.cfg
All data including log information, nessusrc file, and output data is
available for analysis at
http://inprotect-devel.ana.no1.com.au/nessusdata/
More information about the Nessus
mailing list