Hi,
On 27.04.2015 11:22, Thibaut Pouzet wrote:
> Hi,
> * Under a normal load, the firewall is following 10000 connections
> * When we launch OpenVAS, this goes up to 65535 and the firewall starts
> dropping packets
> * We increased the max value to 120000, launched a scan, and the table
> was once again full, firewall dropping packets.
Disable the connection tracking feature, this table will fill up
automatically.
OpenVAS is doing port scans; depending on your infrastructure, your
firewalls (dropping TCP-FIN) and your environment this will never work.
> We usually limit the number of hosts scanned to 4, with 5 NVT per host,
> and the scanning machine has 4 CPU and 2G of RAM (virtual machine).
> It seems that the value of the max conntrack has to be properly tuned on
> the firewall as it has an impact on RAM consumption, we are working on it.
> However, I would like to know how I can have control of what the
> scanning machine is doing, and limit in OpenVAS this amount of
> connections opened. If I cannot do this:
> * Either I put some rate-limiting on the firewall, and requests will be
> dropped, OpenVAS might miss some things.
> * Or I don't put rate-limiting, and when I scan, the firewall drops
> legitimate traffic.
Disable the connection tracking feature in your Linux kernel and build
one without it.
> Does somebody have anything that could help me on this topic?
> Thank you
--
Regards
Lukas Grunwald
http://www.greenbone.net
mail: [email protected]
Greenbone Networks GmbH
AG Osnabrück, HR B 202460
Neuer Graben 17, 49074 Osnabrueck, Germany
Tel. +49-541-33-5084-0 Mob. +49-1511-25-24-255
Fax. +49-541-33-5084-99
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
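The thread above boils down to two knobs on the firewall: how much headroom the conntrack table has, and whether the scanner's packets need to be tracked at all. The script below is an added example for this discussion, not code from the thread, from OpenVAS or from Greenbone: it reads the conntrack counters exposed under /proc/sys/net/netfilter, computes how full the table is, and prints the raw-table rules that exempt a scanner's traffic from tracking. The scanner address 10.0.0.5, the 80% warning threshold and the figures in the demo at the bottom are assumptions taken from the numbers quoted in the thread, not live measurements.

```shell
#!/bin/sh
# Added example (not from the thread, OpenVAS or Greenbone): measure conntrack
# table usage on a Linux firewall and print NOTRACK rules for a scanner host.
# The scanner address and threshold below are assumptions for illustration.

# Percentage of the conntrack table in use, from the current entry count and
# the configured maximum (nf_conntrack_max). Integer arithmetic, rounds down.
usage_pct() {
    count=$1
    max=$2
    [ "$max" -gt 0 ] || { echo 0; return; }
    echo $(( count * 100 / max ))
}

# Read the live counters (paths can be overridden, e.g. for testing) and
# print "count max pct" on one line.
conntrack_usage() {
    count_file=${1:-/proc/sys/net/netfilter/nf_conntrack_count}
    max_file=${2:-/proc/sys/net/netfilter/nf_conntrack_max}
    count=$(cat "$count_file")
    max=$(cat "$max_file")
    echo "$count $max $(usage_pct "$count" "$max")"
}

# Exit 0 while usage is below the threshold (default 80%), 1 once it is not.
# Suitable for a cron job or monitoring check that fires before the table
# fills and the firewall starts dropping new flows.
headroom_ok() {
    pct=$(usage_pct "$1" "$2")
    threshold=${3:-80}
    [ "$pct" -lt "$threshold" ]
}

# Rules for the raw table, which is evaluated before conntrack sees a packet.
# Packets to and from the scanner are marked untracked, so a port scan no
# longer consumes conntrack entries. Printed rather than executed; review
# them and pipe into sh on the firewall to apply.
notrack_rules() {
    scanner=$1
    printf 'iptables -t raw -A PREROUTING -s %s -j CT --notrack\n' "$scanner"
    printf 'iptables -t raw -A PREROUTING -d %s -j CT --notrack\n' "$scanner"
    printf 'iptables -t raw -A OUTPUT -d %s -j CT --notrack\n' "$scanner"
}

# Demo with the figures quoted in the thread (constructed input, not live
# counters): 10000 entries under normal load, 65535 during a scan.
echo "normal load: $(usage_pct 10000 65535)% of a 65535-entry table"
echo "during scan: $(usage_pct 65535 65535)% of the table (new flows dropped)"
echo "headroom check, 98000 of 120000:"
if headroom_ok 98000 120000; then echo "ok"; else echo "above threshold"; fi
echo "rules for an assumed scanner at 10.0.0.5:"
notrack_rules 10.0.0.5
```

Two caveats when applying the rules. Untracked packets never reach the ESTABLISHED state, so a filter policy built around `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` will drop the scanner's return traffic unless it also accepts `--ctstate UNTRACKED` for that host; add that accept rule in the same change. And NOTRACK only helps with flows to and from the scanner: if the targets sit behind the same firewall and the scan makes them open outbound connections, those flows are still tracked, which is why the thread's other suggestion (raising `net.netfilter.nf_conntrack_max`, at the cost of RAM) still matters.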