UDP
2 Topics
Tenable Research Release Highlight Ping-Only Discovery Scan

Summary

In response to customer feature requests for a lightweight, minimally intrusive host discovery scan, Tenable is providing a new Ping-Only Discovery scan template. The Ping-Only Discovery scan will provide scalpel-like tailoring of user-specified protocols, enabling fast discovery scans with minimal network traffic to scan targets.

Change

Ping-Only Discovery is a scan template similar to Host Discovery but with fewer checks and fewer packets sent on the wire. The Ping-Only Discovery scan will attempt to discover hosts with minimal network traffic. It sends ICMP pings by default and can be configured to attempt a TCP ping on the Discovery tab. A UDP ping can also be configured, but it will cause the scan time and packets sent to increase. The scan will not resolve FQDNs, will not run OS fingerprinting, and will not attempt to avoid Fragile Devices.

Impact

In an effort to minimize network traffic and discovery time, the scan will not attempt to identify fragile devices (printers, OT devices, etc.) and will therefore send pings to any device in the Targets list. The simplest version, just sending an ICMP ping, shouldn't cause any issues here, but be cautious if you know you are scanning these device types and you configure the ICMP plus TCP ping options for this scan.

Discovery scans using this Ping-Only Discovery template will run 2 to 5 seconds faster per host on average. Protocols can be custom tailored to meet specific customer requirements in their environments.

Target Release Date

This feature will be released in TVM and Nessus on February 25, 2025. The feature release date for Tenable Security Center is TBD.
Enhanced Live Host Detection via UDP Ping on NetBIOS and IKE Ports

Background

When “Ping the remote host” is enabled in a scan policy and UDP Ping has been enabled, some UDP ports are probed to determine whether a live host exists at the IP. The existing probes cover DNS (53), portmapper (111), NTP (123), and RIP (520). Probes on these UDP ports are less effective at identifying Windows targets that have common TCP ports firewalled.

Change

Additional UDP ping probes are being added for NetBIOS (137) and IKE (500) to better detect Windows targets that have common TCP ports firewalled but leave UDP ports open.

Impact

Customers should expect better detection of live targets, including Windows targets, that have common TCP ports firewalled but leave UDP ports open. This may result in an increased number of assets discovered and scanned.

Depending on the environment, there is potential for network devices to respond to TCP or UDP ping probes in such a way that scan targets appear to be live when they are not. The additional UDP ports being tested expand the scope of this potential.

Plugins

10180 - Ping the remote host

Target Release Date

22 March 2021

----------------------------------------------------------------------------------------------------

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
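
The six UDP ping ports named above give network defenders a pattern to look for when telling an authorized discovery scan apart from unexpected sweeps in flow logs. The following Python function is an added example, not Tenable's code: the flow record format, the function name `find_udp_ping_sweeps` and its thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# UDP ping ports named in the release notes: DNS, portmapper, NTP, RIP,
# plus the newly added NetBIOS and IKE probes.
UDP_PING_PORTS = {53, 111, 123, 520, 137, 500}

# Constructed flow records (not real traffic): "epoch src dst proto dport"
SAMPLE_FLOWS = """\
1700000000 10.0.0.5 10.0.1.10 udp 53
1700000000 10.0.0.5 10.0.1.10 udp 111
1700000001 10.0.0.5 10.0.1.10 udp 123
1700000001 10.0.0.5 10.0.1.10 udp 137
1700000001 10.0.0.5 10.0.1.10 udp 500
1700000002 10.0.0.5 10.0.1.11 udp 137
1700000002 10.0.0.5 10.0.1.11 udp 500
1700000002 10.0.0.5 10.0.1.11 udp 520
1700000003 10.0.0.5 10.0.1.11 udp 53
1700000004 10.0.2.7 10.0.1.10 udp 53
1700000005 10.0.2.7 10.0.1.10 udp 53
1700000006 10.0.2.7 10.0.1.20 udp 123
1700000007 10.0.2.9 10.0.1.10 tcp 500
malformed line
"""

def find_udp_ping_sweeps(flow_text, min_ports=3, min_targets=2, window=60):
    """Return {src: sorted targets} for sources that hit at least min_ports
    distinct UDP ping ports on at least min_targets hosts, within `window`
    seconds per target. Thresholds are assumptions to tune locally."""
    seen = defaultdict(dict)  # (src, dst) -> {port: first timestamp seen}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, proto, dport = parts
        if proto.lower() != "udp" or not (ts.isdigit() and dport.isdigit()):
            continue
        port = int(dport)
        if port in UDP_PING_PORTS:
            seen[(src, dst)].setdefault(port, int(ts))
    sweeps = defaultdict(set)
    for (src, dst), ports in seen.items():
        times = sorted(ports.values())
        # Any min_ports distinct probe ports first seen inside one window
        for i in range(len(times) - min_ports + 1):
            if times[i + min_ports - 1] - times[i] <= window:
                sweeps[src].add(dst)
                break
    return {s: sorted(t) for s, t in sweeps.items() if len(t) >= min_targets}
```

Sources returned here that are not the known scanner address deserve a closer look, while the scanner's own address can be allowlisted in IDS rules.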