Hi,

I'm trying to do a scan only for vulnerabilities on NTP, e.g. "NTP Monlist Feature Enabled". So I set up:

1) Scan-Config
- Port scanner is nmap
- NVT is Denial of Service > NTP Monlist Feature Enabled (1.3.6.1.4.1.25623.1.0.103868)
2) Target with port list
- port list only consists of U:123

There are 2 problems with this scan:

1) Nmap won't start for port lists with only UDP ports
You have to add at least one TCP port to get nmap started. This is an openvassd problem, because nmap itself can be run with only UDP ports.
So I added T:80 to my port list.

2) Now nmap finds open UDP port 123, but the NASL script is not started
nmap runs with: nmap -n -P0 -oG /tmp/nmap-127.0.0.1-529323782 -sT -sU -p T:80,U:123 -T 3 127.0.0.1
Results within /tmp/nmap-127.0.0.1-529323782 are:
# Nmap 6.00 scan initiated Thu Jan 16 09:41:36 2014 as: nmap -n -P0 -oG /tmp/nmap-127.0.0.1-529323782 -sT -sU -p T:80,U:123 -T 3 127.0.0.1
Host: 127.0.0.1 ()      Status: Up
Host: 127.0.0.1 ()      Ports: 80/closed/tcp//http///, 123/open/udp//ntp///
# Nmap done at Thu Jan 16 09:41:36 2014 -- 1 IP address (1 host up) scanned in 0.04 seconds

But the log says:
[Thu Jan 16 08:28:22 2014][20692] Launching ntp_open.nasl against 127.0.0.1 [20800]
[Thu Jan 16 08:28:22 2014][20692] ntp_open.nasl (process 20800) finished its job in 0.007 seconds
[Thu Jan 16 08:28:22 2014][20692] Not launching 2014/gb_ntp_monlist_enabled.nasl against 127.0.0.1 none of the required udp ports are open (this is not an error)


The most confusing part to me is the fact that launching the scan against pure TCP ports succeeds with:
nmap -n -P0 -oG /tmp/nmap-127.0.0.1-1165914010 -sT -sU -p T:1-1023 -T 3 127.0.0.1
[Thu Jan 16 08:52:32 2014][31843] ntp_open.nasl (process 31961) finished its job in 0.014 seconds
[Thu Jan 16 08:52:32 2014][31843] Launching 2014/gb_ntp_monlist_enabled.nasl against 127.0.0.1 [31968]
[Thu Jan 16 08:52:32 2014][31843] 2014/gb_ntp_monlist_enabled.nasl (process 31968) finished its job in 0.022 seconds

Just more confusing:
I succeeded with just scanning TCP port 123, which is definitely closed:
nmap -n -P0 -oG /tmp/nmap-127.0.0.1-1560233223 -sT -sU -p T:123 -T 3 127.0.0.1
results in:
[Thu Jan 16 08:59:43 2014][20543] Launching 2014/gb_ntp_monlist_enabled.nasl against 127.0.0.1 [20667]
[Thu Jan 16 08:59:43 2014][20543] 2014/gb_ntp_monlist_enabled.nasl (process 20667) finished its job in 0.010 seconds

Now I have found a workaround for my scan, but it's still confusing and should be fixed.

        Stefan
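As an added example (not part of the original post, and not OpenVAS code), the following Python script reproduces the port gate that the "none of the required udp ports are open" log line describes, fed with the grepable nmap output quoted above, and builds and decodes the NTP mode 7 MON_GETLIST_1 exchange that a monlist check relies on. The gate rule, the treatment of open|filtered as open, and both sample replies are assumptions for illustration; the NASL script's internal logic is not reproduced. The packet layout is the standard NTP mode 7 (private) header, so the script runs offline on the constructed inputs.

```python
"""Added example, not code from the post or from OpenVAS: port gating from
nmap -oG output plus the NTP mode 7 MON_GETLIST_1 request/reply format.
The gate rule and the sample replies below are assumptions for illustration."""
import re
import struct
from typing import Dict, List, Tuple

# Constructed sample: the grepable output quoted in the post (path shortened).
NMAP_GREPABLE = """\
# Nmap 6.00 scan initiated Thu Jan 16 09:41:36 2014 as: nmap -n -P0 -oG /tmp/out -sT -sU -p T:80,U:123 -T 3 127.0.0.1
Host: 127.0.0.1 ()      Status: Up
Host: 127.0.0.1 ()      Ports: 80/closed/tcp//http///, 123/open/udp//ntp///
# Nmap done at Thu Jan 16 09:41:36 2014 -- 1 IP address (1 host up) scanned in 0.04 seconds
"""

PortEntry = Tuple[int, str, str]  # (port, proto, state)


def parse_grepable(text: str) -> Dict[str, List[PortEntry]]:
    """Parse the 'Host: ... Ports: ...' lines of nmap -oG output.
    Each port field is port/state/proto/owner/service/rpc/version."""
    hosts: Dict[str, List[PortEntry]] = {}
    for line in text.splitlines():
        m = re.match(r"Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)", line)
        if not m:
            continue
        host = m.group(1)
        ports_field = m.group(2).split("\t")[0]  # drop a trailing 'Ignored State:' column
        entries = hosts.setdefault(host, [])
        for field in ports_field.split(","):
            parts = field.strip().split("/")
            if len(parts) < 3:
                continue
            entries.append((int(parts[0]), parts[2], parts[1]))
    return hosts


def required_udp_open(entries: List[PortEntry], required=(123,)) -> bool:
    """Assumed gate behind 'none of the required udp ports are open': at least
    one required UDP port must be open (nmap often reports UDP as
    open|filtered, which is treated as open here)."""
    return any(proto == "udp" and port in required and state.startswith("open")
               for port, proto, state in entries)


def decide(nmap_text: str, host: str) -> str:
    """Launch or skip the monlist check for one host, based on the gate above."""
    entries = parse_grepable(nmap_text).get(host, [])
    return "launch" if required_udp_open(entries) else "skip"


# NTP mode 7 request: byte0 = version 2 | mode 7 (0x17), byte1 = auth/seq 0,
# byte2 = implementation 3 (XNTPD), byte3 = request 42 (MON_GETLIST_1),
# then err/nitems and mbz/size both 0. This is the well-known 8-byte probe.
MONLIST_REQUEST = bytes([0x17, 0x00, 0x03, 0x2A, 0x00, 0x00, 0x00, 0x00])

ERR_NAMES = {0: "OKAY", 1: "IMPL", 2: "REQ", 3: "FMT", 4: "NODATA", 7: "AUTH"}


def parse_mode7(data: bytes) -> dict:
    """Decode the 8-byte mode 7 header; items follow as count * item_size bytes."""
    if len(data) < 8:
        raise ValueError("short mode 7 packet")
    rm_vn_mode, auth_seq, impl, req, err_nitems, mbz_size = struct.unpack("!BBBBHH", data[:8])
    count, size = err_nitems & 0x0FFF, mbz_size & 0x0FFF
    return {
        "response": bool(rm_vn_mode & 0x80), "more": bool(rm_vn_mode & 0x40),
        "version": (rm_vn_mode >> 3) & 0x07, "mode": rm_vn_mode & 0x07,
        "auth": bool(auth_seq & 0x80), "seq": auth_seq & 0x7F,
        "impl": impl, "req": req, "err": ERR_NAMES.get(err_nitems >> 12, "UNKNOWN"),
        "count": count, "item_size": size, "items": data[8:8 + count * size],
    }


def monlist_enabled(resp: dict) -> bool:
    """A MON_GETLIST_1 reply with status OKAY and at least one entry means the
    feature is enabled (and the host can serve as an amplifier)."""
    return (resp["response"] and resp["mode"] == 7 and resp["req"] == 0x2A
            and resp["err"] == "OKAY" and resp["count"] > 0)


def sample_open_reply() -> bytes:
    """Constructed reply: response bit set (0x97), 2 entries of 72 bytes each."""
    return struct.pack("!BBBBHH", 0x97, 0x00, 0x03, 0x2A, 2, 72) + bytes(2 * 72)


def sample_error_reply() -> bytes:
    """Constructed error reply: err = AUTH (7) in the high nibble, no items."""
    return struct.pack("!BBBBHH", 0x97, 0x00, 0x03, 0x2A, 7 << 12, 0)


if __name__ == "__main__":
    print(decide(NMAP_GREPABLE, "127.0.0.1"), MONLIST_REQUEST.hex())
    for reply in (sample_open_reply(), sample_error_reply()):
        r = parse_mode7(reply)
        print(r["err"], r["count"], monlist_enabled(r))
```

Feeding the quoted grepable output to decide() yields "launch", which is what the log in the post does not do; that mismatch is the point of the report, so the gate here documents the rule the log line states rather than whatever openvassd actually applies.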


_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
