Re: Nessus 3.0 released

[Erin Carroll <amoeba () amoebazone com>]

On Tue, 13 Dec 2005, Renaud Deraison wrote:

Thanks for the response Renaud. My comments are inline below:

> In terms of performance, the "raw" nasl3 performance is roughly 16x  
> faster than nasl2, which puts the language on par with more  
> traditional languages like perl (and faster than python). In some  
> corner cases you can get an even more impressive performance  
> improvement, for instance when using recursive functions.
>
> Of course, since Nessus is a _network_ scanner, the bottleneck in the  
> end is the network itself, so a nasl engine which is N times faster  
> does not imply a scanner which is N times faster. An overall scan of  
> our lab (local network) takes twice as less time as it used to.  
> However some hosts are much faster -- in particular the Windows boxes  
> (the reason is that our SMB API is more complex code-wise that what  
> it used to be, so that's where one can see the biggest boost).

Sweet. Can't wait to test it out and crunch some comparisons myself.

One key performance issue I've run into (and I'm prbably not alone here)  
is the inability to easily manage the nessus server-side resource
utilization when working with large numbers of hosts. While you can of
course limit the number of consecutive scans, or even nice nessusd itself,
there are many cases where the resource bottleneck is due to a particular
plugin or a well filtered host (as you allude). Is there capability within
the engine itself (or plans to implement) a way for nessusd to set
resource limits that don't rely on variables like the # of scanned
hosts/concurrent scan threads? I.e. nessus can use up to X %age of
available memory/cpu/IO and self-throttle.

Trying to find that sweet spot for # of host scanned vs. memory/resource
utilization can sometimes mean the difference between a scan taking 
several hours and a couple of *days*... and the less juggling/guesswork on 
where that sweetspot would make me a happy camper.

> - We have also fixed many false positives over the last months. To  
> such an extent that we'll soon announce a "contest" were anyone  
> helping us fix 10 different false positives (and negatives) will  
> obtain a free direct feed, so we can be sure the nail the remaining  
> plugins which sometimes do not behave as expected (I'll repost about  
> that very soon).

Please let me know when you plan to roll that out and I'll make sure to 
pass it on to the pen-test list members.


-Erin Carroll
Moderator
SecurityFocus pen-test list


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------