Re: Nessus Scan

Can you not simply contest their finding as being baseless in fact? It wouldn't be the first time. Nessus and other scanners always find things, especially depending on their configuration, that the auditor needs to know to disregard as needed. Tell them where in the written policy it requires this port to be closed in order to pass. Ask them on what basis they changed the vendor's severity rating from low to critical.

Does their scan perhaps pass through a firewall like Checkpoint that performs TCP SYN proxying in order to defend against SYN floods? Maybe that is part of the problem? Does the OS detection reported by Nessus match the OS running on the target host, or is it detecting the OS running on an intermediate firewall?

Kind regards,
Karl Levinson
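Two of the checks suggested above (does the reported OS match the host you think was scanned, and was a plugin's own risk rating raised in the report) can be run mechanically against a `.nessus` export. The following Python script is an added example and is not part of the reply above nor any Nessus tooling; it embeds a constructed v2-format report with placeholder plugin IDs, a constructed asset inventory, and assumes that an auditor's severity recast shows up as a `severity` attribute exceeding what the plugin's own `risk_factor` implies.

```python
import xml.etree.ElementTree as ET

# Constructed sample .nessus (v2) export; host names, OS strings and plugin
# IDs are placeholders, not output from a real scan.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="quarterly-audit">
    <ReportHost name="192.0.2.10">
      <HostProperties>
        <tag name="operating-system">Check Point GAiA</tag>
      </HostProperties>
      <ReportItem port="113" svc_name="ident" protocol="tcp" severity="4"
                  pluginID="10000000" pluginName="Placeholder: ident service">
        <risk_factor>Low</risk_factor>
      </ReportItem>
      <ReportItem port="443" svc_name="https" protocol="tcp" severity="0"
                  pluginID="10000001" pluginName="Placeholder: HTTPS service">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="192.0.2.20">
      <HostProperties>
        <tag name="operating-system">Linux Kernel 2.6</tag>
      </HostProperties>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
                  pluginID="10000002" pluginName="Placeholder: SSH banner">
        <risk_factor>Low</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Constructed asset inventory: what the defender knows is running on each host.
INVENTORY = {"192.0.2.10": "Windows Server 2003", "192.0.2.20": "Linux"}

# Nessus severity attribute scale (0..4) mapped from the plugin's risk_factor.
RISK_TO_SEVERITY = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_report(xml_text):
    """Return a list of hosts, each with the scanner's OS guess and its findings."""
    root = ET.fromstring(xml_text)
    hosts = []
    for rh in root.iter("ReportHost"):
        os_tag = rh.find("./HostProperties/tag[@name='operating-system']")
        detected = (os_tag.text or "").strip() if os_tag is not None else ""
        items = []
        for ri in rh.findall("ReportItem"):
            items.append({
                "port": int(ri.get("port", "0")),
                "protocol": ri.get("protocol", ""),
                "plugin_id": ri.get("pluginID", ""),
                "name": ri.get("pluginName", ""),
                "reported_severity": int(ri.get("severity", "0")),
                "plugin_risk": ri.findtext("risk_factor", default="").strip().lower(),
            })
        hosts.append({"name": rh.get("name", ""), "detected_os": detected, "items": items})
    return hosts


def os_mismatches(hosts, inventory):
    """Hosts whose detected OS does not mention the inventory OS family.

    A mismatch is a hint that Nessus fingerprinted an intermediate device
    (for example a SYN-proxying firewall) rather than the target itself.
    """
    out = []
    for h in hosts:
        expected = inventory.get(h["name"])
        if expected and expected.split()[0].lower() not in h["detected_os"].lower():
            out.append((h["name"], expected, h["detected_os"]))
    return out


def severity_escalations(hosts):
    """Findings whose reported severity exceeds the plugin's own risk_factor.

    Assumption: a recast by the auditor raises the severity attribute while the
    plugin's risk_factor element keeps the vendor's original rating.
    """
    out = []
    for h in hosts:
        for it in h["items"]:
            base = RISK_TO_SEVERITY.get(it["plugin_risk"])
            if base is not None and it["reported_severity"] > base:
                out.append((h["name"], it["port"], it["plugin_id"], base, it["reported_severity"]))
    return out


if __name__ == "__main__":
    report = parse_report(SAMPLE_NESSUS)
    for host, expected, seen in os_mismatches(report, INVENTORY):
        print(f"{host}: inventory says '{expected}', scanner saw '{seen}' (intermediate device?)")
    for host, port, plugin, base, reported in severity_escalations(report):
        print(f"{host}:{port} plugin {plugin} rated {base} by vendor, reported as {reported}")
```

Point the script at a real export by reading the file into `parse_report` in place of `SAMPLE_NESSUS`; the two lists it produces are the evidence to bring to the auditor for the questions raised above.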