Penetration Testing mailing list archives
Re: Nessus 3.0 released
From: Renaud Deraison <deraison () nessus org>
Date: Tue, 13 Dec 2005 15:54:55 -0500
On Dec 13, 2005, at 15:43, Erin Carroll wrote:
One key performance issue I've run into (and I'm prbably not alone here)is the inability to easily manage the nessus server-side resource utilization when working with large numbers of hosts. While you can ofcourse limit the number of consecutive scans, or even nice nessusd itself, there are many cases where the resource bottleneck is due to a particular plugin or a well filtered host (as you allude). Is there capability withinthe engine itself (or plans to implement) a way for nessusd to set resource limits that don't rely on variables like the # of scanned hosts/concurrent scan threads? I.e. nessus can use up to X %age of available memory/cpu/IO and self-throttle.
nessusd 3 throttles itself but only if the CPU is badly overloaded ('throttle_scan' in nessusd.conf). That is, if the CPU is overloaded then the number of hosts scanned in parallel will go down, until the load average is 'sane' again. However at the moment it's more a safety belt than something which should be depended on -- basically the 'sanity' of the load average directly depends on how many hosts you wanted to test in the first place.
This kind of feature will be more suitable in Nessus 3.2 which will be the 'part two' of our global optimization process.
In terms of max_checks, you should keep it to a reasonable value (ie: 4) -- anything too high is likely to interfere too much with the remote host otherwise (think inetd closing ports on older Unices).
-- Renaud
--
Renaud Deraison
http://www.nessus.org
http://www.tenablesecurity.com
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Nessus 3.0 released Erin Carroll (Dec 13)
- Re: Nessus 3.0 released Renaud Deraison (Dec 13)
- Re: Nessus 3.0 released Erin Carroll (Dec 13)
- Re: Nessus 3.0 released Renaud Deraison (Dec 14)
- Re: Nessus 3.0 released Erin Carroll (Dec 13)
- Re: Nessus 3.0 released Brian Smith-Sweeney (Dec 13)
- Re: Nessus 3.0 released - nikto, hydra, amap RaMatkal (Dec 14)
- Re: Nessus 3.0 released - nikto, hydra, amap Renaud Deraison (Dec 14)
- Re: Nessus 3.0 released - nikto, hydra, amap Brian Smith-Sweeney (Dec 14)
- Re: Nessus 3.0 released - nikto, hydra, amap RaMatkal (Dec 18)
- Nessus and Hydra Fabien Degouet (Dec 31)
- Re: Nessus 3.0 released - nikto, hydra, amap RaMatkal (Dec 14)
- Re: Nessus 3.0 released Renaud Deraison (Dec 13)
- <Possible follow-ups>
- RE: Nessus 3.0 released Josh Perrymon (Dec 13)
- RE: Nessus 3.0 released Josh Perrymon (Dec 14)
- Re: RE: Nessus 3.0 released nospam (Dec 17)