I ran nmap in the terminal using all kinds of discovery methods that I know, e.g. SYN ping, ACK ping, UDP ping and ICMP ping, the probed host was shown as dead for each of these.
However, when simply run "ping host-ip" (which is basically ICMP probe), it worked fine. So I am wondering if bad configuration of nmap caused all the problems? Thanks a lot! TY On Tue, Nov 24, 2015 at 11:42 AM, Eero Volotinen <[email protected]> wrote: > You should use following nmap settings with root account (on openvas > machine) > > nmap -P0 -p- ip.address > > that mean -P0 = consider host alive, -p- = full tcp scan .. > > and same with vpn connection. if results are different on nmap scan then > problem is not on openvas machine. Then it's related to your network > configuration, firewall settings or routing. > > Eero > > 2015-11-24 19:26 GMT+02:00 Tianyi Yang <[email protected]>: > >> Thank you for the good suggestions! >> >> 1. I tested setting target as consider alive, full tcp scan and full and >> fast and tried again to scan over VPN, the results are exactly the same as >> before and no improvement. >> >> 2. I tried probing the target host with nmap over VPN, it showed "0 hosts >> up". So nmap showed the same unwanted results as openvas. Any suggestions >> on how to make changes? Thanks a lot! >> >> TY >> >> On Tue, Nov 24, 2015 at 3:57 AM, Eero Volotinen <[email protected]> >> wrote: >> >>> It's really hard to guess all your settings and configurations. >>> >>> please set target to consider alive, full tcp scan and full and fast and >>> try again. you should also try scan same target using nmap and compare >>> results. >>> >>> -- >>> Eero >>> >>> 2015-11-23 19:59 GMT+02:00 Tianyi Yang <[email protected]>: >>> >>>> Hi everyone, >>>> >>>> I was scanning a same device over VPN and through direct connect with >>>> exactly the same configurations, and found the results are essentially >>>> different. >>>> >>>> The results over VPN only catch 5 Logs in the following, i.e. >>>> 3com switch2hub (general/tcp) (Log) >>>> OS fingerprinting (general/tcp) (Log) >>>> ICMP Timestamp Detection (general/tcp) (Log) >>>> Traceroute (general/tcp) (Log) >>>> CPE Inventory (general/tcp) (Log) >>>> >>>> However, in the results when connect directly between the scanned >>>> device and the scanner host, 2 High and 11 Logs are found. In addition to >>>> those listed above, there are: >>>> Multiple NetGear ProSafe Switches Information Disclosure Vulnerability >>>> (80/tcp) (High) >>>> Report default community names of the SNMP Agent (161 tcp) (High) >>>> HTTP Server type and version (80/tcp) (Log) >>>> Services (80/tcp) (Log) >>>> Web mirroring (80/tcp) (Log) >>>> Directory Scanner (80/tcp) (Log) >>>> wapiti (NASL wrapper) (80/tcp) (Log) >>>> An SNMP Agent is running (161/udp) (Log) >>>> >>>> We see that the job over VPN has only results in locations >>>> "general/tcp". And I further found that the VPN results were independent of >>>> the port list, which means even if we specifies an EMPTY port list, the >>>> outcome is exactly the same. And I read the logs on the scanned device site >>>> and found only ports, e.g. TCP 22 and UDP 69 were probed. However, the >>>> requested ports like TCP 80 and UDP 161 were never probed over VPN. >>>> >>>> Does anyone have insights what's wrong with my scan jobs/setup/configs >>>> over VPN? I appreciate it! >>>> >>>> TY >>>> >>>> _______________________________________________ >>>> Openvas-discuss mailing list >>>> [email protected] >>>> >>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>> >>> >>> >> >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
