Security Basics mailing list archives

Re: Nessus Scan


From: David Jacoby <security () outpost24 com>
Date: Thu, 16 Aug 2007 07:54:16 +0200


Mike F wrote:
After a recent external PCI Compliant scan one of my web servers failed
because the scanner determined that "a port was open at the beginning of the
scan, and is now closed...". I've tried all sorts of things to get this
corrected, but the results remain. I talked with our scanning vendor; they don't
seem to have an answer as to how to correct the problem. When I do a Nessus
scan on the site, Nessus reports the issue as a security note and risk
factor of '0'; however, my PCI scanning vendor reports the problem as a
risk factor of 4, thus causing the server to fail the scan and resulting in a
non-compliance report.

Outpost24 is an automated vulnerability scanning vendor and we have
seen similar behavior. When we were looking into the problem, we often
saw that it was data ports that were opened, especially if the server
had a lot of traffic going through it.

I haven't been able to find anything on how to address this issue. Where
should I look to resolve this problem?

Do you get this result about the open port every time you scan the
machine? If you are running *NIX, can't you check with netstat to see
which process is listening on that port?

Best regards,
David Jacoby


-- 

David Jacoby
Vice President Customer Experience
http://www.outpost24.com
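Following up on the netstat suggestion in the message above, an added example (not part of the original post) that compares two `netstat -tlnp` snapshots and names the process behind any TCP listener that closed in between. It assumes Linux net-tools output; the function names, the sample snapshots and the `xferd` daemon are constructed for illustration.

```shell
#!/bin/sh
# Reduce `netstat -tlnp` output on stdin to sorted, unique "port pid/program" lines.
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")   # port is the last colon-separated piece (IPv4 and IPv6)
        print a[n], $7
    }' | LC_ALL=C sort -u
}

# closed_between EARLIER LATER: print listeners present in the earlier
# snapshot text but missing from the later one.
closed_between() {
    b=$(mktemp); a=$(mktemp)
    printf '%s\n' "$1" | listeners > "$b"
    printf '%s\n' "$2" | listeners > "$a"
    LC_ALL=C comm -23 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample snapshots: a short-lived data port (50312, owned by the
# hypothetical daemon "xferd") is listening in the first and gone in the second.
SAMPLE_BEFORE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1033/nginx
tcp        0      0 0.0.0.0:50312           0.0.0.0:*               LISTEN      2290/xferd
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd'

SAMPLE_AFTER='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1033/nginx
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd'

closed_between "$SAMPLE_BEFORE" "$SAMPLE_AFTER"

# Live use on the scanned server (run as root so the PID/Program column is filled in):
#   s1=$(netstat -tlnp); sleep 60; s2=$(netstat -tlnp); closed_between "$s1" "$s2"
```

Running the live snapshots in a loop while the external scan is in progress shows whether the port the scanner flagged belongs to a transient data listener of a known service.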

