Probing With Nessus

The nessus package at http://www.nessus.org/ is nmap on steroids. It can detect the systems on your network and the ports that are open on those systems. Not only that, it then probes those ports looking for known weaknesses and produces a nice set of HTML reports. These graphic reports are invaluable when determining what systems require security patches.

One should be a bit careful before blindly unleashing nessus on a network. While nessus is more than happy to probe all of the systems in your network, I've found that some of my systems do not handle the probing very well. My Linux and Windows systems all seem to survive. My LinkSys router also seemed to come through. However, my wife's IP phone and a old D-Link router needed to be reset after being probed by nessus. Also, my networked printer seems to survive the nessus probe, but puts out 10 or so pages of garbage each time its probed.

So, in general, I'd recommend that you carefully limit the systems which you probe on the network. Or, at a minimum, that you turn off your networked printers.

This concludes a sample session of using nessus from a running Network Security Toolkit probe. It should be enough to get you started at exploring the weaknesses in your local network. Hopefully, you will be wise and learn from my mistakes (avoid scanning your printers).