Scanner Settings

The Scanner tab configures Internet Scanner's logging and reporting options.

General

Grab Critical Files: Enables Internet Scanner to copy critical files. These files are placed in the “pwd” directory located under the installation directory. This directory should be secured on installation, and Internet Scanner warns the user if it is insecure at the beginning of a scan. The vulnerabilities that can permit the password file to be obtained are:

Generate Session Log Files: Allows Internet Scanner information to be added to log files. This information is used for debugging purposes only and can substantially inflate the size of the log.

Verbose Output: Enables additional output to the log files.

Diagnostic Output: Generates information in the session log files used in monitoring the Telnet Brute Force behavior. Caution: Enabling this option can increase the size of the log files.

Ping Timeout (ms): Sets the maximum timeout value for a ping, in milliseconds. This value may be decreased on fast networks to allow more rapid network enumeration, or increased on slower networks if not all hosts are found.

Scan if ping fails: Performs a scan even if the host does not respond to ping requests. This is frequently the case when a firewall is between the host and Internet Scanner. Warning: Enabling this option significantly increases scan times.

Always Run Exploits: Runs exploits even if the Scan if ping fails option detects no services after running the service scan, the port scan, and the half scan. (This option is enabled only when Scan if ping fails is enabled.) Warning: Enabling this option significantly increases scan times.

Threads

Maximum Parallel Scan Threads: Lets you select how many parallel scans can occur at one time. Parallel scanning decreases the total time it takes to scan, but increases the processor load and slows other processes on the machine running the scan. The maximum number of parallel scans is 128 in the Windows NT version. On slower CPUs (166 MHz or slower), ISS recommends setting the maximum number of parallel scans to 64 in the Windows NT version.

Number of Parallel Service Scans: Internet Scanner uses dedicated threads for TCP service scanning. The load on your network is directly proportional to the number of service scan threads; leave this setting at four threads for a 10-megabit Ethernet network. Non-paged pool system RAM usage also rises as the number of service scan threads increases. If additional performance is required, carefully monitor system memory usage and network capacity utilization. The maximum value is 16 threads.

Important: This parameter controls how much network traffic is generated during a scan. If you are scanning across slow or WAN links, ISS recommends setting this value to 2, or even 1.

Connections

Maximum Connections (Default Checks): The maximum number of connections Internet Scanner will make to the host during Brute Force checks. The default value is 32 connections, with a maximum value of 50 connections.

Delay: The amount of time in milliseconds that Internet Scanner waits between connections made to the host during Brute Force checks. The default is 100 milliseconds.

Maximum Connections (Port Scan): Specifies the maximum number of ports that a thread can open simultaneously. The default is four ports, with a maximum value of 1024 ports. Important: When scanning a small number of hosts, increase this value accordingly to expedite the scan.

Timeout (ms): Maximum timeout value for a port scan, in milliseconds. The default is 9000 milliseconds.