You should use following nmap settings with root account (on openvas machine)
nmap -P0 -p- ip.address that mean -P0 = consider host alive, -p- = full tcp scan .. and same with vpn connection. if results are different on nmap scan then problem is not on openvas machine. Then it's related to your network configuration, firewall settings or routing. Eero 2015-11-24 19:26 GMT+02:00 Tianyi Yang <[email protected]>: > Thank you for the good suggestions! > > 1. I tested setting target as consider alive, full tcp scan and full and > fast and tried again to scan over VPN, the results are exactly the same as > before and no improvement. > > 2. I tried probing the target host with nmap over VPN, it showed "0 hosts > up". So nmap showed the same unwanted results as openvas. Any suggestions > on how to make changes? Thanks a lot! > > TY > > On Tue, Nov 24, 2015 at 3:57 AM, Eero Volotinen <[email protected]> > wrote: > >> It's really hard to guess all your settings and configurations. >> >> please set target to consider alive, full tcp scan and full and fast and >> try again. you should also try scan same target using nmap and compare >> results. >> >> -- >> Eero >> >> 2015-11-23 19:59 GMT+02:00 Tianyi Yang <[email protected]>: >> >>> Hi everyone, >>> >>> I was scanning a same device over VPN and through direct connect with >>> exactly the same configurations, and found the results are essentially >>> different. >>> >>> The results over VPN only catch 5 Logs in the following, i.e. >>> 3com switch2hub (general/tcp) (Log) >>> OS fingerprinting (general/tcp) (Log) >>> ICMP Timestamp Detection (general/tcp) (Log) >>> Traceroute (general/tcp) (Log) >>> CPE Inventory (general/tcp) (Log) >>> >>> However, in the results when connect directly between the scanned device >>> and the scanner host, 2 High and 11 Logs are found. In addition to those >>> listed above, there are: >>> Multiple NetGear ProSafe Switches Information Disclosure Vulnerability >>> (80/tcp) (High) >>> Report default community names of the SNMP Agent (161 tcp) (High) >>> HTTP Server type and version (80/tcp) (Log) >>> Services (80/tcp) (Log) >>> Web mirroring (80/tcp) (Log) >>> Directory Scanner (80/tcp) (Log) >>> wapiti (NASL wrapper) (80/tcp) (Log) >>> An SNMP Agent is running (161/udp) (Log) >>> >>> We see that the job over VPN has only results in locations >>> "general/tcp". And I further found that the VPN results were independent of >>> the port list, which means even if we specifies an EMPTY port list, the >>> outcome is exactly the same. And I read the logs on the scanned device site >>> and found only ports, e.g. TCP 22 and UDP 69 were probed. However, the >>> requested ports like TCP 80 and UDP 161 were never probed over VPN. >>> >>> Does anyone have insights what's wrong with my scan jobs/setup/configs >>> over VPN? I appreciate it! >>> >>> TY >>> >>> _______________________________________________ >>> Openvas-discuss mailing list >>> [email protected] >>> >>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>> >> >> >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
