Hi Yves,
On 2013-10-09 19:17, Yves Réveillon - eurower.fr wrote:
Hi,
I'm using OpenVAS on a OpenVZ host.
So, i have :
venet0 inet addr:127.0.0.1
venet0:0 inet addr:PUBLIC_IP
I cannot set the PUBLIC_IP on the venet0 !
So the scanner is launching with :
openvassd --listen=127.0.0.1 -S PUBLIC_IP
But when I start the scan, I have a message :
The remote host (ANOTHER_PUBLIC_IP) is dead
And this is what tcpdump says :
21:48:25.248488 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.ftp: Flags
[.],
ack 4171032861, win 2048, length 0
21:48:25.248515 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.telnet: Flags
[.], ack 4171032861, win 1024, length 0
21:48:25.248522 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.smtp: Flags
[.],
ack 4171032861, win 4096, length 0
21:48:25.248525 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.domain: Flags
[.], ack 4171032861, win 1024, length 0
21:48:25.248528 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.http: Flags
[.],
ack 4171032861, win 2048, length 0
So, the IP source is ... localhost and not the PUBLIC_IP of the -S
flag.
What's the problem ?
Thanks ...
Thanks for reporting this. That generated traffic is from Nmap I
believe. I have pushed an update to "Nmap (NASL wrapper)" nvt in
revision 18076 which adds "Source IP :" nvt preference. Could you test
setting the interface IP in that preference too and report back ?
On a related note, nmap 5.21 is too old. There were some bug fixes
related to matching routes to interfaces, IIRC. Maybe confirm with a
manual nmap scan ?
Thanks
Hani.
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
