We implemented the Nessus scan first off, back when it was Perfigo we were
installing. If your students are good, they've got the Windows firewall turned
on, at least, and that's why you're seeing the timeout results. Have a look at a
Mac or some other OS system to see something more interesting.

We don't have administrative accounts on our students' systems, so we haven't
gone as far down the road as you. We do allow CCA to attempt the default
accounts, just to find those with open Administrator accounts.

We have vulnerability set only on HOLE, so I'm not seeing the behaviour you are.
It's always possible our version (3.5.4, still) is behaving differently than yours.

--Cal Frye, Network Administrator, Oberlin College
   www.calfrye.com, www.pitalabs.com, www.ouuf.org

  "The test of courage comes when we are in the minority; the test of tolerance
comes when we are in the majority." -- Ralph W. Sockman.


Dennis Xu wrote:
> How do you implement CCA Nessus scan? Typically what kinds of plugins do 
> you enable for clients? 
> 
> I tried some plugins and always end with “timeout” result. I have disabled 
> the firewall at client side. I thought I may need a SMB login account 
> configured on CCA. I did this through “Network Scanner” – “Scan Setup” –
>  “Options” – “Login Configurations”. I configured “SMB login account” 
> and “SMB password”. Still no luck. I captured packets at client side 
> during the nessus scan, I found CCA always try the three default accounts 
> for SMB login:  null, administrator and a random name(nesssusxxxxxxxx). It 
> did not use the account I configured. What could be wrong?
> 
> Another problem is when I configured the vulnerability level to be “hole, 
> warn”, and when the scan result is “warn”, it still shows “no 
> vulnerability” to client and client is not put into quarantine role. 
> 
> Thanks!
> 
> -----------------------------------
> 
> Dennis Xu
> 
> Network Analyst (CCS)
> 
> University of Guelph
> 
> 519-824-4120x56217
> 
> [log in to unmask]
>