RE: Nessus Scan

[Chandresh Dedhia <ChandreshD () shoppersstop co in>]

Hi,

  I would suggest you to use the service from scan alert which is an approved scan vendor from VISA / MasterCard and is 
free. Also what I have experienced that different vendors rate the level of risk differently.

Thanks & Regards
Chandresh Dedhia

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mikef () everfast com
Sent: Wednesday, August 15, 2007 8:01 PM
To: security-basics () securityfocus com
Subject: Nessus Scan

After a recent external PCI Compliant scan one of my web servers failed because the scanner determine that  "a port was 
open at the beginning of the scan, and is now closed...".  I've tried all sorts of things to get this corrected the 
results remain. I talked with our scanning vendor they don't seem to have answer as to how to correct the problem. When 
I do a Nessus Scan on the site, Nessus reports the issue as a security note and risk factor of '0', however the my PCI 
scanning vendor reports the problem as a risk factor of 4 thus causing the server to fail the scan and resulting a 
non-compliance report.

I haven't been able to find anything on how to address this issue. Where should i look to resolve this problem

This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain 
material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION.  Any review or reliance by others or copying or 
distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the 
intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is 
appreciated.