Troubleshooting "Inconclusive host with excessive port connection failures"

I have recently started getting “Inconclusive host with excessive port connection failures” error/vulnerability on a lot of my scans. It’s not consistent on every scan. Some scans get a valid result but the next scan might get the error.
Checking the FW shows that there should be no rules that should interfere.

Any ideas on what could be causing this?

1 Like

Saw this in different article:
# Rapid7 Blog Inconclusive host with excessive port connection failures

Some customers have seen this vulnerability “Inconclusive host with excessive port connection failures” in their scans and have no idea what it means. Basically it means that Nexpose believes something is interfering (IDS/IPS/Firewall/etc) with the scan of the target host. This means that the data we are providing is potentially flawed, missing ports, and could be full of False Negatives and/or False Positives. Not to mention we may have stopped scanning this host early in an attempt to avoid a tarpit. We have marked it as a CVSSv2 10 because the interference could be masking a rather nasty remote execution vulnerability that could be exploited manually. (IE: Up to a CVSSv2 of 10) Not to mention it makes these potential “blind spots” bubble to the top in your reporting. (Thanks Liam)

1 Like