How to Limit Nessus plugins to checking a single port or a short list of explicit ports.

Some firewalls have a real-time countermeasure blacklisting the source IP of a scan after it hits 3 or so ports. If I know that 443 or 8080 are open and I want Nessus to check for vulnerabilities on those ports without tripping the blacklist, how can I limit Nessus to 443 and/or 8080? Limiting the "Scanning" built into Nessus does not seem to limit the ports checked by the plugins. Other than setting up some external outbound packet filtering, is there a way to limit the Nessus plugins to a single port?
swbruce21 Asked:
scaliouette Commented:
Nessus may be a free utility but I imagine that it's specific to whatever the software was originally intended to do. Unless there are particular switches built into the application, you may need to contact the creator of this software.
uberpoop Commented:
I don't have my laptop in front of me... that is my hacking rig....
but, there is a file in Nessus that details the default ports to scan... I believe it is called nessus-services.
I bet if you edit that file to only include what you want to scan, you would be good to go.
You could also use the user rules to only allow a certain Nessus user to scan certain ports...
Most people never set up user rules, myself included, so you would have to research the exact rule syntax yourself....
but for sure Nessus can do what you want.
swbruce21 Author Commented:
I will do a test again but the scan setting only seems to control the preliminary scans, not the plugins.
tnapolitano Commented:
There are 2 portions to a Nessus scan: portscanning and vulnerability checks.

You can limit ports scanned by going to the Scan Options tab, and entering the desired ports in Port Range (ex: 80,443,8080). To limit vulnerability checks to those ports, either choose plugins for services that run on the selected port or modify the plugins (at your own risk).



 

swbruce21 Author Commented:
I guess there isn't a good answer to this question. The plugins test ports based on their own hard-wired design, so there is no simple way to confine all activity to a single port on the target. (That's my conclusion at this time - it could be wrong.)