as I said before, you need to set target alive test to 'consider alive' (this is feature of openvas 8) or modify scan config to remove ping alive test.
Eero 2015-11-24 19:52 GMT+02:00 Tianyi Yang <[email protected]>: > I ran nmap in the terminal using all kinds of discovery methods that I > know, e.g. SYN ping, ACK ping, UDP ping and ICMP ping, the probed host was > shown as dead for each of these. > > However, when simply run "ping host-ip" (which is basically ICMP probe), > it worked fine. > > So I am wondering if bad configuration of nmap caused all the problems? > Thanks a lot! > > TY > > On Tue, Nov 24, 2015 at 11:42 AM, Eero Volotinen <[email protected]> > wrote: > >> You should use following nmap settings with root account (on openvas >> machine) >> >> nmap -P0 -p- ip.address >> >> that mean -P0 = consider host alive, -p- = full tcp scan .. >> >> and same with vpn connection. if results are different on nmap scan then >> problem is not on openvas machine. Then it's related to your network >> configuration, firewall settings or routing. >> >> Eero >> >> 2015-11-24 19:26 GMT+02:00 Tianyi Yang <[email protected]>: >> >>> Thank you for the good suggestions! >>> >>> 1. I tested setting target as consider alive, full tcp scan and full and >>> fast and tried again to scan over VPN, the results are exactly the same as >>> before and no improvement. >>> >>> 2. I tried probing the target host with nmap over VPN, it showed "0 >>> hosts up". So nmap showed the same unwanted results as openvas. Any >>> suggestions on how to make changes? Thanks a lot! >>> >>> TY >>> >>> On Tue, Nov 24, 2015 at 3:57 AM, Eero Volotinen <[email protected]> >>> wrote: >>> >>>> It's really hard to guess all your settings and configurations. >>>> >>>> please set target to consider alive, full tcp scan and full and fast >>>> and try again. you should also try scan same target using nmap and compare >>>> results. >>>> >>>> -- >>>> Eero >>>> >>>> 2015-11-23 19:59 GMT+02:00 Tianyi Yang <[email protected]>: >>>> >>>>> Hi everyone, >>>>> >>>>> I was scanning a same device over VPN and through direct connect with >>>>> exactly the same configurations, and found the results are essentially >>>>> different. >>>>> >>>>> The results over VPN only catch 5 Logs in the following, i.e. >>>>> 3com switch2hub (general/tcp) (Log) >>>>> OS fingerprinting (general/tcp) (Log) >>>>> ICMP Timestamp Detection (general/tcp) (Log) >>>>> Traceroute (general/tcp) (Log) >>>>> CPE Inventory (general/tcp) (Log) >>>>> >>>>> However, in the results when connect directly between the scanned >>>>> device and the scanner host, 2 High and 11 Logs are found. In addition to >>>>> those listed above, there are: >>>>> Multiple NetGear ProSafe Switches Information Disclosure Vulnerability >>>>> (80/tcp) (High) >>>>> Report default community names of the SNMP Agent (161 tcp) (High) >>>>> HTTP Server type and version (80/tcp) (Log) >>>>> Services (80/tcp) (Log) >>>>> Web mirroring (80/tcp) (Log) >>>>> Directory Scanner (80/tcp) (Log) >>>>> wapiti (NASL wrapper) (80/tcp) (Log) >>>>> An SNMP Agent is running (161/udp) (Log) >>>>> >>>>> We see that the job over VPN has only results in locations >>>>> "general/tcp". And I further found that the VPN results were independent >>>>> of >>>>> the port list, which means even if we specifies an EMPTY port list, the >>>>> outcome is exactly the same. And I read the logs on the scanned device >>>>> site >>>>> and found only ports, e.g. TCP 22 and UDP 69 were probed. However, the >>>>> requested ports like TCP 80 and UDP 161 were never probed over VPN. >>>>> >>>>> Does anyone have insights what's wrong with my scan jobs/setup/configs >>>>> over VPN? I appreciate it! >>>>> >>>>> TY >>>>> >>>>> _______________________________________________ >>>>> Openvas-discuss mailing list >>>>> [email protected] >>>>> >>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>>> >>>> >>>> >>> >> >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
