Discussion:
False OS X detection with no report info
Richard Puerto
2009-02-17 14:22:51 UTC
Permalink
We have been getting some scan reports that show the host as OS X but then
no results information. It seems that it is happening when the scanner
encounters ports on a switch that has port redirection enabled.

Does anyone know how to configure Nessus to ignore port redirection or OS X
scanning ?

Richard
Ron Gula
2009-02-17 14:38:59 UTC
Permalink
Post by Richard Puerto
We have been getting some scan reports that show the host as OS X but then
no results information. It seems that it is happening when the scanner
encounters ports on a switch that has port redirection enabled.
Does anyone know how to configure Nessus to ignore port redirection or OS X
scanning ?
Richard
This would be an excellent discussion on the new Discussion portal located
here:

https://discussions.nessus.org/index.jspa

If you are targeting an IP address and a port or firewall or other network
device is tacking certain ports and redirecting them to other IP addresses,
this will effect the results that Nessus (or any other network scanner)
will see.

In this situation, I'd recommend you restrict your audit to just the ports
you know that the OS X system is listening on, or that you perform a 100%
credentialed patch audit. Of course if you can change the location of your
Nessus scanner to a point behind the redirection, this will give you direct
access to the OS X as well.

Ron Gula
Tenable Network Security

Loading...