2008-03-15

[en] Nessus 3.2 is out!

Nessus 3.2 was announced on 2008-03-12. It contains many improvements for which I have no responsibility, and a new version of nessus_tcp_scanner.
  • Simplified options
    • Two former boolean options (and a new one that was not seen by anybody but me) were merged into a single four-level Firewall detection cursor:
      • Disabled
      • Do not detect RST rate limitation
      • Normal / automatic
      • Ignore closed ports
    • Congestion detection was removed, it is now hidden in nessusd.conf
    • Scan ports in random order is still here, although I don't think that many people will ever touch it.
  • Unfiltered ports are regularly probed.
    I added that first to get a better RTT (ping time) estimation; this is a crucial parameter for a userland TCP scanner. This feature is also (mainly?) used now to detect congestion.
    This piece of code works on any OS and is more sensitive than the previous kernelland (Linux only) detector -- I don't criticize the Penguin, I'm still amazed that this kernelland detector works with such psychotic software; portscan is definitely not a "normal" use of a TCP/IP stack.
    As the detector detects rather well, I slightly increased the aggressiveness of the cyber-monster.
    I hope that very slow links can now be scanned in a reasonable time without being overloaded even in hellish conditions (lost packets, long & changing RTT), at worst by using the most cautious parameters:
    • safe_checks=1
    • max_checks=1
    • Firewall detection=Disabled
To avoid interminable scans (they do not make much sense), the scanner gets restless after 40 minutes (default value). At the first timeout, it moves the aggressiveness cursor to the fourth choice (ignore closed ports); at the second, it stops at the end of the current phase; at the third, it does seppuku at once.
Finally, for the ones who are eager to shoot themselves in the foot, here are a few hidden options from nessusd.conf, with their default values:
  • nessus_tcp_scanner.send_regular_probes=yes
  • nessus_tcp_scanner.unlimited_rtt=no
  • nessus_tcp_scanner.portscan_timeout=2400
  • use_kernel_congestion_detection=no (was "yes" in 3.0 and 3.1)
  • stop_scan_on_disconnect=yes
  • nessus_tcp_scanner.max_pass=16
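As an added illustration (not nessus_tcp_scanner's own code), the two mechanisms described above modelled in Python: an RTT/congestion monitor fed by regular probes of a port known to be unfiltered, and the portscan_timeout escalation from "Ignore closed ports" to stop-at-end-of-phase to immediate stop. The loss and RTT-growth thresholds, and the assumption that the timeout recurs every portscan_timeout seconds, are mine.

```python
from statistics import mean

FIREWALL_LEVELS = ("Disabled", "Do not detect RST rate limitation",
                   "Normal / automatic", "Ignore closed ports")
PORTSCAN_TIMEOUT = 2400  # seconds; the nessus_tcp_scanner.portscan_timeout default

class RttMonitor:
    """RTT estimate from regular probes of an unfiltered port; loss or RTT growth = congestion."""
    def __init__(self, window=8):
        self.window = window
        self.rtts = []            # measured round trips, in seconds
        self.sent = self.lost = 0

    def record(self, rtt):
        """rtt is the measured round trip, or None if the probe got no reply."""
        self.sent += 1
        if rtt is None:
            self.lost += 1
        else:
            self.rtts.append(rtt)

    def rtt_estimate(self):
        """Mean RTT over the most recent probes; None before the first reply."""
        recent = self.rtts[-self.window:]
        return mean(recent) if recent else None

    def congested(self, max_loss=0.25, rtt_growth=2.0):
        """Lost more than max_loss of probes, or recent RTT > rtt_growth x first-window baseline (assumed thresholds)."""
        if self.sent and self.lost / self.sent > max_loss:
            return True
        if len(self.rtts) >= 2 * self.window:
            return self.rtt_estimate() > rtt_growth * mean(self.rtts[:self.window])
        return False

class ScanClock:
    """Escalation on scan timeout: 1st -> 'Ignore closed ports', 2nd -> stop after phase, 3rd -> stop now."""
    def __init__(self, level="Normal / automatic", timeout=PORTSCAN_TIMEOUT):
        self.level, self.timeout = level, timeout
        self.timeouts, self.action = 0, "continue"

    def tick(self, elapsed):
        """Apply every timeout expired at `elapsed` seconds (assumed to recur every `timeout` s)."""
        while self.timeouts < 3 and (self.timeouts + 1) * self.timeout <= elapsed:
            self.timeouts += 1
            if self.timeouts == 1:
                self.level = FIREWALL_LEVELS[3]
            elif self.timeouts == 2:
                self.action = "stop after current phase"
            else:
                self.action = "stop now"
        return self.action
```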
