Home page logo

basics logo Security Basics mailing list archives

Re: Nessus Scan
From: David Jacoby <security () outpost24 com>
Date: Thu, 16 Aug 2007 07:54:16 +0200

Mike F wrote:
After a recent external PCI Compliant scan one of my web servers failed
because the scanner determine that  "a port was open at the beginning of the
scan, and is now closed...".  I've tried all sorts of things to get this
corrected the results remain. I talked with our scanning vendor they don't
seem to have answer as to how to correct the problem. When I do a Nessus
Scan on the site, Nessus reports the issue as a security note and risk
factor of '0', however the my PCI scanning vendor reports the problem as a
risk factor of 4 thus causing the server to fail the scan and resulting a
non-compliance report.

Outpost24 is a automated vulnerability scanning vendor and we have
seen similar behavior, when we where looking into the problem we often
saw that it was data ports that was opened, especially if the server
was having alot of traffic going thought it.

I haven't been able to find anything on how to address this issue. Where
should i look to resolve this problem

Do you get this result about the open port every time you scan the
machine? If you are running *NIX cant you check with netstat to see
which process thats listening on that port?

Best regards,
David Jacoby


David Jacoby
Vice President Customer Experience

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]