sofaware.infopop.cc
SofaWare Discussion Groups
Security Management Portal (SMP)
Vulnerability Scanning & Nessus Options
Topic Closed
Member

Hello all,

I have been using the VSS service for a few weeks now and everything was running fine. Well, I realized the Nessus box was behind a CheckPoint device with SmartDefense and so moved it to an unfirewalled port. Long story short, I've reconnected the SMP to the new IP of the Nessus server.

The problem I am having is that the Nessus options inside the SMP interface are not being honored during a scan. Right now scans are not possible because it always tries to launch ping_host.nasl, which if it sees no response will kill the scan. I've temporarily fixed the issue by moving the ping_host.nasl script out of the /lib directory.

I've tested in the Settings tab under Vulnerability Scanning turning on/off the 'Ping the Remote Host' option. However even after saving when it is on or off, when the scan is launched it always attempts to use the ping_host.nasl script.

If anyone can elaborate on how the SMP goes about this process and possible causes for this, it would be much appreciated.

Thanks,
Ryan Gravlin
Member

Hi Ryan,

The Nessus plugins may have dependencies between them, meaning some plugin may be dependent on one or more other plugins. These dependencies are defined in the plugin script (.nasl file). If plugin A depends on plugin B and "plugin dependencies" is turned on (configurable via the server config file), the server will first run plugin B and only if it succeeds will it run plugin A. This is done in order to prevent redundant tests from being run, e.g. if the SMB detection plugin fails, all other SMB tests will not run.

Now to a solution for your problem: apparently most port scan plugins depend on the ping plugin for some reason, and there is no way to circumvent it, so you might want to disable the plugin entirely. This can be done by removing the plugin, but better yet, if you configure the ping-host plugin and set both TCP-ping and ICMP-ping to No, it will actually make it sterile.

HTH,
/Shachar
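
The dependency gating described in the reply above, as an added Python model that is not part of the original post and is not Nessus code. It assumes a failed plugin causes its dependents to be skipped and that the default ping preferences have both probes on; every plugin name except ping_host.nasl is a placeholder, and the target is constructed.

```python
# Added model of the dependency gating described in the reply; not Nessus code.
# Plugin names other than ping_host.nasl are placeholders; the target is constructed.

PLUGINS = {                      # plugin -> plugins it depends on
    "ping_host.nasl": [],
    "port_scanner": ["ping_host.nasl"],
    "smb_detection": ["port_scanner"],
    "smb_test": ["smb_detection"],
}
DEFAULT_PREFS = {"tcp_ping": True, "icmp_ping": True}    # assumed defaults
STERILE_PREFS = {"tcp_ping": False, "icmp_ping": False}  # both set to No
SILENT_GATEWAY = {"answers_tcp_ping": False, "answers_icmp": False}  # drops pings


def host_alive(target, prefs):
    """Ping step: with every probe disabled nothing is sent, so the
    host cannot be declared dead and the step succeeds."""
    results = []
    if prefs["tcp_ping"]:
        results.append(target["answers_tcp_ping"])
    if prefs["icmp_ping"]:
        results.append(target["answers_icmp"])
    return any(results) if results else True


def run_scan(plugins, target, prefs):
    """Return {plugin: 'ran' | 'failed' | 'skipped'}, running dependencies first."""
    status = {}

    def run(name):
        if name in status:
            return status[name]
        status[name] = "skipped"          # also breaks dependency cycles
        if all(run(dep) == "ran" for dep in plugins[name]):
            failed = name == "ping_host.nasl" and not host_alive(target, prefs)
            status[name] = "failed" if failed else "ran"
        return status[name]

    for name in plugins:
        run(name)
    return status


if __name__ == "__main__":
    for label, prefs in (("default", DEFAULT_PREFS), ("sterile", STERILE_PREFS)):
        print(label, run_scan(PLUGINS, SILENT_GATEWAY, prefs))
```
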
Member

I think I've figured out the problem!

Using what you've said I wanted to try a few more things. I removed ALL text from ALL fields in the 'Ping the Remote Host' plugin. This includes TCP destination port(s) and Number of ICMP retries. After I removed this information and saved the settings, the scan is now working completely. I still don't get the Scan Duration, but I suppose I can live with it.

Thanks again for your help Shachar,
Ryan Gravlin
Member

Hello again!

I seem to have run into another problem. I am aware this may be related to the Nessus installation and/or Linux configuration, but I am at a loss and hoping someone here may have some knowledge about this!

Something is getting fubar'd during a reboot of the Nessus server. Basically my posts below show the problem. The ping_host.nasl plugin I guess is using defaults, and when the gateway doesn't respond to the ping it assumes the host is dead and discontinues the scan. My fix was to remove all information and checkmarks from the 'Ping the remote host' option.

I've found a temporary solution that involves re-saving the 'Port Scan' settings. If I launch another scan after I've saved the settings, everything works as normal and the ping_host.nasl script is basically ignored.

To recap:

1) Nessus server reboots (for whatever reason)
2) ping_host.nasl resets to default settings
3) Nessus scans provide no information because there is no ping reply
4) Using the Vulnerability Scan options in SMP I hit 'SAVE' on the 'Port Scan' tab
5) Nessus scan goes back to working as normal

Any information would be greatly appreciated.
