The VPN connection seems ok. It's tested to be up after the scan job. And
when the scan was running, I monitored on the scanned device side and saw
packets incoming from and outgoing to the scanner.

Could you provide more guidance about how the firewall (iptables) should be
set up on the scanned host to allow scanning over VPN? It seems not to be
banning all probes from the VPN, e.g. ICMP, TCP 22 and UDP 69 are seen. An
example kernel log is as follows:

"
Nov 23 11:18:41 kernel: [ 5081.120000] --POST: IN= OUT=GILBARCO
SRC=10.255.255.253 DST=192.168.0.239 LEN=57 TOS=0x00 PREC=0x00 TTL=63
ID=39017 PROTO=UDP SPT=49777 DPT=69 LEN=37 MARK=0x80030000
Nov 23 11:18:41 kernel: [ 5081.120000] --POST>ALLOWED: IN= OUT=GILBARCO
SRC=10.255.255.253 DST=192.168.0.239 LEN=57 TOS=0x00 PREC=0x00 TTL=63
ID=39017 PROTO=UDP SPT=49777 DPT=69 LEN=37 MARK=0x80030000
"

TY

On Mon, Nov 23, 2015 at 12:03 PM, Eero Volotinen <[email protected]>
wrote:

> Well, maybe there is some filtering on the VPN connection? Or aggressive
> scanning is crashing the VPN connection?
>
> --
> Eero
>
> 2015-11-23 19:59 GMT+02:00 Tianyi Yang <[email protected]>:
>
>> Hi everyone,
>>
>> I was scanning the same device over VPN and through a direct connection with
>> exactly the same configurations, and found the results are essentially
>> different.
>>
>> The results over VPN only catch 5 Logs in the following, i.e.
>> 3com switch2hub (general/tcp) (Log)
>> OS fingerprinting (general/tcp) (Log)
>> ICMP Timestamp Detection (general/tcp) (Log)
>> Traceroute (general/tcp) (Log)
>> CPE Inventory (general/tcp) (Log)
>>
>> However, in the results when connected directly between the scanned device
>> and the scanner host, 2 High and 11 Logs are found. In addition to those
>> listed above, there are:
>> Multiple NetGear ProSafe Switches Information Disclosure Vulnerability
>> (80/tcp) (High)
>> Report default community names of the SNMP Agent (161 tcp) (High)
>> HTTP Server type and version (80/tcp) (Log)
>> Services (80/tcp) (Log)
>> Web mirroring (80/tcp) (Log)
>> Directory Scanner (80/tcp) (Log)
>> wapiti (NASL wrapper) (80/tcp) (Log)
>> An SNMP Agent is running (161/udp) (Log)
>>
>> We see that the job over VPN only has results in the location "general/tcp".
>> And I further found that the VPN results were independent of the port list,
>> which means even if we specify an EMPTY port list, the outcome is exactly
>> the same. And I read the logs on the scanned device side and found only
>> ports, e.g. TCP 22 and UDP 69 were probed. However, the requested ports
>> like TCP 80 and UDP 161 were never probed over VPN.
>>
>> Does anyone have insights into what's wrong with my scan jobs/setup/configs
>> over VPN? I appreciate it!
>>
>> TY
>>
>> _______________________________________________
>> Openvas-discuss mailing list
>> [email protected]
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>>
>
>
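
One way to tally which protocol/port pairs the scanner actually reached, from firewall log lines like the one quoted above, and to list requested ports that never appear in the log. This is an added example, not part of the original thread; the TCP and ICMP lines are constructed, and treating 10.255.255.253 as the scanner address and the REQUESTED port list are assumptions.

```python
import re
from collections import Counter

# Sample in the format of the kernel log quoted in the thread (one entry per
# line, as in the real log). The UDP lines follow the post; TCP/ICMP are constructed.
SAMPLE_LOG = """\
Nov 23 11:18:41 kernel: [ 5081.120000] --POST: IN= OUT=GILBARCO SRC=10.255.255.253 DST=192.168.0.239 LEN=57 TOS=0x00 PREC=0x00 TTL=63 ID=39017 PROTO=UDP SPT=49777 DPT=69 LEN=37 MARK=0x80030000
Nov 23 11:18:41 kernel: [ 5081.120000] --POST>ALLOWED: IN= OUT=GILBARCO SRC=10.255.255.253 DST=192.168.0.239 LEN=57 TOS=0x00 PREC=0x00 TTL=63 ID=39017 PROTO=UDP SPT=49777 DPT=69 LEN=37 MARK=0x80030000
Nov 23 11:18:42 kernel: [ 5082.010000] --POST>ALLOWED: IN= OUT=GILBARCO SRC=10.255.255.253 DST=192.168.0.239 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=39020 PROTO=TCP SPT=51022 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 23 11:18:42 kernel: [ 5082.020000] --POST>ALLOWED: IN= OUT=GILBARCO SRC=10.255.255.253 DST=192.168.0.239 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=39021 PROTO=ICMP TYPE=13 CODE=0
"""
REQUESTED = {("tcp", 22), ("tcp", 80), ("udp", 69), ("udp", 161)}  # assumed port list
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the first value of each KEY=VALUE field in a netfilter LOG line."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the IP-level LEN, not the L4 repeat
    return fields if "PROTO" in fields else None

def probed_ports(log_text, scanner_ip):
    """Count unique packets from scanner_ip per (proto, dport or ICMP type)."""
    seen, counts = set(), Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("SRC") != scanner_ip:
            continue
        proto = f["PROTO"].lower()
        # ICMP has no ports; record its type instead.
        target = int(f["DPT"]) if "DPT" in f else "type " + f.get("TYPE", "?")
        # One packet can be logged by several rules (--POST, --POST>ALLOWED).
        packet = (f.get("DST"), f.get("ID"), proto, f.get("SPT"), target)
        if packet not in seen:
            seen.add(packet)
            counts[(proto, target)] += 1
    return counts

def never_probed(counts, requested):
    """Requested (proto, port) pairs for which no packet was logged."""
    return sorted(p for p in requested if p not in counts)

if __name__ == "__main__":
    counts = probed_ports(SAMPLE_LOG, "10.255.255.253")
    for (proto, target), n in sorted(counts.items(), key=str):
        print(f"{proto:4} {target}: {n} packet(s)")
    print("never probed:", never_probed(counts, REQUESTED))
```

Run over the full log of a VPN scan and of a direct scan, the difference between the two "never probed" lists shows whether the missing results come from probes that never reached the host.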