[Full-Disclosure] Nessus experience

From: Mr. Rufus Faloofus (foofus_at_foofus.net)
Date: 10/13/04

    To: full-disclosure@lists.netsys.com
    Date: Wed, 13 Oct 2004 10:55:20 -0500
    
    

    Greetings, full-disclosure!

    From time to time I find myself needing to estimate the time it takes
    to run Nessus against various network ranges. For some reason, it
    always seems to take longer than I expect, and I'm wondering if:

      1: I am doing something wrong (this is always a possibility)
      2: Nessus has been getting slower over time

    Specifically, with two laptops (each with 2GHz processor, and upwards
    of 600MB RAM), I recently tried to scan a range of two class C-size
    networks, to which I was directly connected via Ethernet. I had already
    done full nmaps of the hosts (this took about an hour), so I was not
    running nmap from within Nessus. I found that after over three hours,
    I had only been able to complete tests on 90-something hosts.

    This strikes me as unreasonably slow, for bulk automated testing, so
    first, I'd like to ask if these performance metrics are in line with
    others' experiences. I'd also solicit any hints people might have
    to offer on how they optimize performance, any rules of thumb anyone
    might care to share about estimating times for Nessus runs.

    Thanks, in advance, to all helpful replies.

    --Foofus.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

