Nmap Development mailing list archives

NSock error when scanning nessusd


From: Tom Sellers <nmap () fadedcode net>
Date: Fri, 13 Jun 2008 17:40:47 -0500

I came across a nessusd instance today that I knew should have a fingerprint
but was unidentified by Nmap.

Nmap reports the following:

PORT     STATE SERVICE     VERSION
1241/tcp open  ssl/unknown


After checking that the service response to the probe matched the match line,
I ran the scan again with -d and -v.  I can see where Nessus gets a service
match here:

Service scan match (Probe SSLSessionReq matched with SSLSessionReq): xxx.xxx.xxx.113:1241 is ssl.  Version: |Nessus security scanner|||


but then it does this:

NSOCK (6.2400s) msevent_new (IOD #2) (EID #41)
NSOCK (6.2400s) SSL/TCP connection requested to xxx.xxx.xxx.113:1241 (IOD #2) EID 41
NSOCK (6.2400s) msevent_delete (IOD #2) (EID #34)
NSOCK (6.2400s) wait_for_events
NSOCK (7.3500s) wait_for_events
NSOCK (7.3500s) Callback: SSL-CONNECT ERROR [Unknown error (10107)] for EID 41 [xxx.xxx.xxx.113:1241]
Got nsock CONNECT response with status ERROR - aborting this service
NSOCK (7.3500s) msevent_delete (IOD #2) (EID #41)

and gives up the fingerprint of this service.

It did this over multiple scans using Nmap 4.65 and a version of Nmap checked
out of SVN this morning.  I have attached a file containing the normal scan
output and then another scan using -v -d9 -n -p1241 --version-trace -sV.

If it matters, both hosts are on the same subnet.

Version information:

Nmap version:   Nmap 4.65
Nessus version: nessusd (Nessus) 3.0.6. [build 283] for Linux


Tom

Attachment: nessus_debug.txt


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
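
Added example, not part of the original post or of Nmap's code: a small Python triage script that correlates the three events quoted in the post (the ssl service match, the follow-up SSL/TCP connection request, and the SSL-CONNECT ERROR that aborts the service), so an `ssl/unknown` result can be traced to a failed SSL connect. The sample trace is constructed from the lines quoted in the post; the function and field names are assumptions.

```python
import re

# Constructed sample, in the shape of the --version-trace lines quoted in the post.
SAMPLE = """\
Service scan match (Probe SSLSessionReq matched with SSLSessionReq): xxx.xxx.xxx.113:1241 is ssl.  Version: |Nessus security scanner|||
NSOCK (6.2400s) msevent_new (IOD #2) (EID #41)
NSOCK (6.2400s) SSL/TCP connection requested to xxx.xxx.xxx.113:1241 (IOD #2) EID 41
NSOCK (6.2400s) msevent_delete (IOD #2) (EID #34)
NSOCK (6.2400s) wait_for_events
NSOCK (7.3500s) wait_for_events
NSOCK (7.3500s) Callback: SSL-CONNECT ERROR [Unknown error (10107)] for EID 41 [xxx.xxx.xxx.113:1241]
Got nsock CONNECT response with status ERROR - aborting this service
NSOCK (7.3500s) msevent_delete (IOD #2) (EID #41)
"""

MATCH = re.compile(r"Service scan match \(Probe (\S+) matched with \S+\): "
                   r"(\S+) is (\S+?)\.\s+Version: \|([^|]*)\|")
REQUEST = re.compile(r"NSOCK \(([\d.]+)s\) SSL/TCP connection requested to (\S+) .*EID (\d+)")
ERROR = re.compile(r"NSOCK \(([\d.]+)s\) Callback: SSL-CONNECT ERROR \[(.*?)\] "
                   r"for EID (\d+) \[(\S+)\]")

def find_aborted_ssl_services(trace):
    """Report targets matched as ssl whose follow-up SSL connect failed and was aborted."""
    # Hypothetical helper: names and result fields are chosen for this example only.
    matched, pending, findings, failed = {}, {}, [], None
    for line in trace.splitlines():
        if m := MATCH.search(line):
            if m.group(3) == "ssl":
                matched[m.group(2)] = (m.group(1), m.group(4))  # target -> (probe, product)
        elif m := REQUEST.search(line):
            pending[m.group(3)] = float(m.group(1))             # EID -> request time
        elif m := ERROR.search(line):
            when, error, eid, target = m.groups()
            started = pending.pop(eid, None)
            probe, product = matched.get(target, (None, None))
            failed = {"target": target, "eid": int(eid), "error": error,
                      "probe": probe, "lost_match": product,
                      "seconds_to_fail": None if started is None
                                         else round(float(when) - started, 2)}
        elif "aborting this service" in line and failed:
            findings.append(failed)   # the abort line confirms the match was dropped
            failed = None
    return findings

if __name__ == "__main__":
    for finding in find_aborted_ssl_services(SAMPLE):
        print(finding)
```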
