What is output of nmap -P0 -p- ip in both scenarios? Eero 24.11.2015 8.29 ip. "Tianyi Yang" <[email protected]> kirjoitti:
> I did set the target as 'consider alive', but it still didn't scan the > host on the other side of the tunnel. > > On Tue, Nov 24, 2015 at 12:14 PM, Eero Volotinen <[email protected]> > wrote: > >> as I said before, you need to set target alive test to 'consider alive' >> (this is feature of openvas 8) or modify scan config to remove ping alive >> test. >> >> Eero >> >> 2015-11-24 19:52 GMT+02:00 Tianyi Yang <[email protected]>: >> >>> I ran nmap in the terminal using all kinds of discovery methods that I >>> know, e.g. SYN ping, ACK ping, UDP ping and ICMP ping, the probed host was >>> shown as dead for each of these. >>> >>> However, when simply run "ping host-ip" (which is basically ICMP probe), >>> it worked fine. >>> >>> So I am wondering if bad configuration of nmap caused all the problems? >>> Thanks a lot! >>> >>> TY >>> >>> On Tue, Nov 24, 2015 at 11:42 AM, Eero Volotinen <[email protected]> >>> wrote: >>> >>>> You should use following nmap settings with root account (on openvas >>>> machine) >>>> >>>> nmap -P0 -p- ip.address >>>> >>>> that mean -P0 = consider host alive, -p- = full tcp scan .. >>>> >>>> and same with vpn connection. if results are different on nmap scan >>>> then problem is not on openvas machine. Then it's related to your network >>>> configuration, firewall settings or routing. >>>> >>>> Eero >>>> >>>> 2015-11-24 19:26 GMT+02:00 Tianyi Yang <[email protected]>: >>>> >>>>> Thank you for the good suggestions! >>>>> >>>>> 1. I tested setting target as consider alive, full tcp scan and full >>>>> and fast and tried again to scan over VPN, the results are exactly the >>>>> same >>>>> as before and no improvement. >>>>> >>>>> 2. I tried probing the target host with nmap over VPN, it showed "0 >>>>> hosts up". So nmap showed the same unwanted results as openvas. Any >>>>> suggestions on how to make changes? Thanks a lot! >>>>> >>>>> TY >>>>> >>>>> On Tue, Nov 24, 2015 at 3:57 AM, Eero Volotinen <[email protected] >>>>> > wrote: >>>>> >>>>>> It's really hard to guess all your settings and configurations. >>>>>> >>>>>> please set target to consider alive, full tcp scan and full and fast >>>>>> and try again. you should also try scan same target using nmap and >>>>>> compare >>>>>> results. >>>>>> >>>>>> -- >>>>>> Eero >>>>>> >>>>>> 2015-11-23 19:59 GMT+02:00 Tianyi Yang <[email protected]>: >>>>>> >>>>>>> Hi everyone, >>>>>>> >>>>>>> I was scanning a same device over VPN and through direct connect >>>>>>> with exactly the same configurations, and found the results are >>>>>>> essentially >>>>>>> different. >>>>>>> >>>>>>> The results over VPN only catch 5 Logs in the following, i.e. >>>>>>> 3com switch2hub (general/tcp) (Log) >>>>>>> OS fingerprinting (general/tcp) (Log) >>>>>>> ICMP Timestamp Detection (general/tcp) (Log) >>>>>>> Traceroute (general/tcp) (Log) >>>>>>> CPE Inventory (general/tcp) (Log) >>>>>>> >>>>>>> However, in the results when connect directly between the scanned >>>>>>> device and the scanner host, 2 High and 11 Logs are found. In addition >>>>>>> to >>>>>>> those listed above, there are: >>>>>>> Multiple NetGear ProSafe Switches Information Disclosure >>>>>>> Vulnerability (80/tcp) (High) >>>>>>> Report default community names of the SNMP Agent (161 tcp) (High) >>>>>>> HTTP Server type and version (80/tcp) (Log) >>>>>>> Services (80/tcp) (Log) >>>>>>> Web mirroring (80/tcp) (Log) >>>>>>> Directory Scanner (80/tcp) (Log) >>>>>>> wapiti (NASL wrapper) (80/tcp) (Log) >>>>>>> An SNMP Agent is running (161/udp) (Log) >>>>>>> >>>>>>> We see that the job over VPN has only results in locations >>>>>>> "general/tcp". And I further found that the VPN results were >>>>>>> independent of >>>>>>> the port list, which means even if we specifies an EMPTY port list, the >>>>>>> outcome is exactly the same. And I read the logs on the scanned device >>>>>>> site >>>>>>> and found only ports, e.g. TCP 22 and UDP 69 were probed. However, the >>>>>>> requested ports like TCP 80 and UDP 161 were never probed over VPN. >>>>>>> >>>>>>> Does anyone have insights what's wrong with my scan >>>>>>> jobs/setup/configs over VPN? I appreciate it! >>>>>>> >>>>>>> TY >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Openvas-discuss mailing list >>>>>>> [email protected] >>>>>>> >>>>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
