I am curious to find out if anyone else has had issues when performing
Nessus or Nmap scans from behind a m0n0wall if they have seen
performance drop on their network and bring all traffic to a very slow

Today I was running Nessus scans through our m0n0wall in the office to
remote hosts, and suddenly we started having various network issues with
regards to any network protocol. At work we use RoadRunner Business
class Simple webpages like Google took 10 seconds to refresh, etc.
It was horrible. The second I stopped the scans everything worked as
normal. To eliminate messing with work's firewall I decided to take my
work home and attempt the same scan from home where I use m0n0wall as
well. I found the same issues here. Has anyone else had similar issues?

To get around the network issues I was seeing I decided to reconfigure
my Traffic Shaper to only give a certain amount of bandwidth to my
Nessus machine. I placed rules putting traffic sourced from my machine
to the networks I was scanning into the upload/download #3 buckets
giving them less bandwidth (I used the default traffic shaper wizard).
This allowed me to use my standard RoadRunner Cable modem to both do
scans as well as browse/e-mail/download with no issues.

Like I said I did not have time to look into whether it was a bandwidth
issue or if it was something to do with our setup at work but I do know
that I have seen Checkpoint FWs lock up and quit passing traffic due to
the amount of connections that the Nessus scanner throws out. When I
have some time I will try to set this up in a lab to see if it is the
sheer # of states that are generated by a Nessus scan or if it truly is
a bandwidth related issue. For now I will deal with throttling the
Nessus scanner so I can continue to work. But if anyone has time to test
this now feel free to send me a message and I can give you some details as to
our current setup maybe you can mirror it in a lab.