Nessus Tip: auditing services on non-standard ports

Archive for April, 2010

Nessus Tip: auditing services on non-standard ports

Posted by

One security trick is to host network services on different ports. For example, a web server may be on 8080 or a database server may be on 3333; instead of TCP 80 and 3306 respectively. This is also an operations trick for scenarios that may have port conflicts, like clustering and nat’ing.

Non-standard TCP ports can cause vulnerabilities to be missed when scanning with Nessus. Nessus, by default, only checks known ports.

The workaround is to preload the plugins (for example, Apache and MySQL) and to set Nessus to check all ports. Under the scan policy preferences section, check “Probe services on every port” and “Thorough tests”. That will give you a more complete picture of the target’s security posture.

For more information, see:

Using Nessus Thorough Checks for In-depth Audits
http://blog.tenablesecurity.com/2010/03/using-nessus-thorough-checks-for-indepth-audits.html