Nessus Scans over a VPN
Michael J McCafferty
mike at m5computersecurity.com
Wed Jan 12 12:41:42 EST 2005
TJ,
The VPN device may not be able to keep up with the number of packets you
are hurling over the VPN during a port scan of more than one host at a
time. This is dependent upon the encryption algorithm (for example 3DES is
more taxing than AES) and the CPU in your VPN device, and the speed of the
scan and/or network.
For reference, I once tried a scan over a 3DES IPSec VPN, 3Mbps Internet
connection, 10 hosts at a time, with an older model WatchGuard FireBox, and
it DoS'd the VPN firewall. The admin rebooted it after it was unresponsive
for only 2 minutes. Who knows if it would have recovered. Ahhh, mistakes,
we learn from them.
From then on, for locations that need to be scanned that I will not be
visiting personally, which may suffer the same fate as the one above, I
ship a small PC (a shuttle) or a 14" deep 1U system with Nessus installed
on it. I ssh into the box over the VPN and do the scan. A nice touch is to
ship a return shipping label inside the box you ship the system to the
customer in... or you risk a delayed return of your hardware. The remote
location may not have its own shipping facilities.
Mike
At 03:39 PM 1/11/2005 -0500, Firewall Administrator wrote:
>Greetings!
>
>I would like to know whether members of this list have any thoughts about
>whether one could run successful Nessus scans over a VPN link. I have
>read various concerns about running Nessus scans through a firewall, but
>haven't seen anything about doing it through a VPN.
>
>What would the potential problems be? Network latency causing false
>positives (or false negatives)? Any thoughts from anyone who has tried this?
>
>Thanks in advance,
>
>TJ
************************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Hosting
http://www.m5hosting.com
You can have your own custom Dedicated Server up and running today !
OpenBSD, Fedora, RHEL, Debian, FreeBSD, and more
************************************************************
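The failure mode Mike describes above, the VPN gateway falling over under the packet rate of a multi-host scan, is usually visible before the box becomes unresponsive: round-trip time to the tunnel endpoint climbs and probes start getting lost. The following is an added example (not code from the mailing-list post or from Nessus) of a small watchdog that reads ping output for the tunnel endpoint and recommends how many hosts to scan in parallel, halving the count when loss or 95th-percentile latency crosses a threshold and creeping back up one host at a time when the tunnel looks healthy. The thresholds, the window size and the embedded ping lines are all constructed for illustration; the class and function names are the example's own.

```python
"""Tunnel-health watchdog: pace a scanner's parallelism by the health of the
VPN gateway it is scanning through. Added example; thresholds and sample ping
output are constructed, not taken from the original post."""
import re
from collections import deque
from statistics import quantiles
from typing import Deque, Iterable, Optional, Tuple

# Matches the RTT field of a typical ping reply line, e.g. "... time=31.2 ms".
_RTT_RE = re.compile(r"time=([\d.]+) ms")


def parse_ping_line(line: str) -> Optional[Tuple[str, Optional[float]]]:
    """Classify one line of ping output.

    Returns ("reply", rtt_ms) for an echo reply, ("lost", None) for a timeout
    or unreachable notice, and None for lines to ignore (banner, summary)."""
    m = _RTT_RE.search(line)
    if m:
        return ("reply", float(m.group(1)))
    lowered = line.lower()
    if "timeout" in lowered or "unreachable" in lowered:
        return ("lost", None)
    return None


class TunnelWatchdog:
    """Additive-increase / multiplicative-decrease control of parallel hosts,
    driven by loss and p95 RTT over a sliding window of probes to the gateway."""

    def __init__(self, max_hosts: int = 10, min_hosts: int = 1, window: int = 20,
                 loss_limit: float = 0.10, rtt_limit_ms: float = 250.0) -> None:
        self.max_hosts = max_hosts
        self.min_hosts = min_hosts
        self.loss_limit = loss_limit          # fraction of lost probes tolerated
        self.rtt_limit_ms = rtt_limit_ms      # p95 RTT tolerated (constructed)
        self.samples: Deque[Optional[float]] = deque(maxlen=window)
        self.hosts = max_hosts                # start at the configured maximum

    def record(self, rtt_ms: Optional[float]) -> None:
        """Add one probe result; None means the probe was lost."""
        self.samples.append(rtt_ms)

    def loss(self) -> float:
        if not self.samples:
            return 0.0
        return sum(1 for s in self.samples if s is None) / len(self.samples)

    def p95_rtt(self) -> Optional[float]:
        good = [s for s in self.samples if s is not None]
        if not good:
            return None
        if len(good) == 1:
            return good[0]
        # quantiles(..., n=20) yields the 5%..95% cut points; take the 95th.
        return quantiles(good, n=20)[-1]

    def recommended_hosts(self) -> int:
        """Update and return the parallel-host count once the window is full."""
        if len(self.samples) < self.samples.maxlen:
            return self.hosts                 # not enough evidence yet
        p95 = self.p95_rtt()
        unhealthy = (self.loss() > self.loss_limit
                     or (p95 is not None and p95 > self.rtt_limit_ms))
        if unhealthy:
            self.hosts = max(self.min_hosts, self.hosts // 2)
        else:
            self.hosts = min(self.max_hosts, self.hosts + 1)
        return self.hosts


def run_batch(wd: TunnelWatchdog, lines: Iterable[str]) -> int:
    """Feed a batch of ping lines to the watchdog and return its recommendation."""
    for line in lines:
        parsed = parse_ping_line(line)
        if parsed is None:
            continue
        wd.record(parsed[1])
    return wd.recommended_hosts()


# Constructed ping output: a healthy window, then a window with 25% loss.
HEALTHY = ["PING 10.0.0.1 (10.0.0.1): 56 data bytes"] + [
    f"64 bytes from 10.0.0.1: icmp_seq={i} ttl=64 time=3{i % 10}.2 ms"
    for i in range(20)
]
DEGRADED = [
    f"Request timeout for icmp_seq {i}" if i % 4 == 0
    else f"64 bytes from 10.0.0.1: icmp_seq={i} ttl=64 time=180.{i} ms"
    for i in range(20)
]

if __name__ == "__main__":
    wd = TunnelWatchdog()
    print("healthy window ->", run_batch(wd, HEALTHY), "hosts in parallel")
    print("degraded window ->", run_batch(wd, DEGRADED), "hosts in parallel")
    print("recovered window ->", run_batch(wd, HEALTHY), "hosts in parallel")
```

In practice the ping lines would come from a `ping` process aimed at the far tunnel endpoint while the scan runs, and the recommendation would be fed back into whatever the scanner exposes for its concurrency setting; the point of the halving is to give up bandwidth quickly, before the gateway reaches the unresponsive state described above, while the slow additive recovery avoids oscillating straight back into overload.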