Hi team,
I ran into a situation that gave me a headache: I could not understand why
my scan does not give the answers I was expecting.
I have a server that runs an SSH server (protocol 1.5 and 1.33 only) on
ports 22, 2222, 2223, 2224 and 2225.
The scan reports that:
- An SSH server was running on ports 22, 2222, 2223, 2224 and 2225; that's
true. (I must point out that the scan uses a gnmap file passed as a
parameter to the Nmap plugin (NASL wrapper).)
- The SSH server is vulnerable to SSH SSH-1 Protocol Authentication Bypass
Vulnerability on ports 22, 2222 and 2223; OK too, but why not ports 2224
and 2225? They use the same server.
So I dug into the plugins to understand why 2224 and 2225 are missing
and saw that the plugin ssh_proto_version.nasl calls exit(0) at the line
"if(!get_port_state(port))exit(0);" for ports 2224 and 2225.
OK, after adding some debug output in the lib, I see that ports 2224 and
2225 are detected as not being in port_range in the function
kb_get_port_state_proto, in the code:
    if (!port_in_ports (portnum, range, 0, num))
      return unscanned_ports_as_closed (prefs);
And right, when I check the Log Information of the plugin scan_info.nasl,
I see that the port_range was missing some TCP ports.
That's not what I was expecting, as I created my target with port_list
set to: ' All TCP and Nmap 5.51 top 100 UDP '
Can you help me clear that up? Is there another way to specify
port_list to have ALL TCP ports from 1 to 65535, so that my ports 2224
and 2225 are detected in it?
--
"Did you know? ITrust's technology will secure the French
cloud"
| Sébastien AUCOUTURIER | Software Design Engineer Lead
| ITrust | 55 Avenue l'Occitane BP 67303 31673 LABEGE CEDEX
| Email: s.aucoutur...@itrust.fr
| Fixe Sdt. 05.67.34.67.80 | Fax. 09.80.08.37.23
| IT Security Services & SaaS Editor
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel
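
Added example, not part of the original message and not OpenVAS code: a small Python check that lists the open ports in a gnmap file that fall outside a scan's port_range, which is the condition under which the message describes get_port_state() falling back to the unscanned-ports setting. The `T:`/`U:` range syntax, the function names and the sample data are assumptions made for illustration.

```python
import re

# Constructed sample data (not from the original message).
SAMPLE_GNMAP = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 2222/open/tcp//ssh///, "
    "2223/open/tcp//ssh///, 2224/open/tcp//ssh///, 2225/open/tcp//ssh///\n"
)
SAMPLE_PORT_RANGE = "T:1-2223,U:53,161"  # constructed; stops short of 2224


def parse_port_range(spec):
    """Parse an assumed 'T:1-5,7,U:53' style range into per-protocol (lo, hi) pairs."""
    ranges = {"tcp": [], "udp": []}
    proto = "tcp"  # entries before any prefix are treated as TCP
    for item in spec.replace(" ", "").split(","):
        if item[:2].upper() in ("T:", "U:"):
            proto = "tcp" if item[0].upper() == "T" else "udp"
            item = item[2:]
        if not item:
            continue
        lo, _, hi = item.partition("-")
        ranges[proto].append((int(lo), int(hi or lo)))
    return ranges


def open_ports_from_gnmap(text):
    """Yield (host, port, proto) for every open port in grepable Nmap output."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+).*?Ports: ([^\t]*)", line)
        if not m:
            continue
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                yield m.group(1), int(fields[0]), fields[2]


def ports_outside_range(gnmap_text, port_range):
    """Return open ports that a port_range membership check would reject."""
    ranges = parse_port_range(port_range)
    return [(h, p, proto) for h, p, proto in open_ports_from_gnmap(gnmap_text)
            if not any(lo <= p <= hi for lo, hi in ranges.get(proto, []))]


if __name__ == "__main__":
    for host, port, proto in ports_outside_range(SAMPLE_GNMAP, SAMPLE_PORT_RANGE):
        print(f"{host}: {port}/{proto} is open in the gnmap file but outside port_range")
```

Run against the real gnmap file and the port_range string shown in the scan_info.nasl log, any port it lists is one for which plugins gated on get_port_state() may exit without testing.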