The problem was eventually sorted out. Just to keep everyone posted. It is the NETWORK issue. In the configuration file of IPsec tunnel, the source ip was left over. Thanks a lot for the help!
On Tue, Nov 24, 2015 at 2:58 PM, Eero Volotinen <[email protected]> wrote: > What is output of nmap -P0 -p- ip in both scenarios? > > Eero > 24.11.2015 8.29 ip. "Tianyi Yang" <[email protected]> kirjoitti: > >> I did set the target as 'consider alive', but it still didn't scan the >> host on the other side of the tunnel. >> >> On Tue, Nov 24, 2015 at 12:14 PM, Eero Volotinen <[email protected]> >> wrote: >> >>> as I said before, you need to set target alive test to 'consider alive' >>> (this is feature of openvas 8) or modify scan config to remove ping alive >>> test. >>> >>> Eero >>> >>> 2015-11-24 19:52 GMT+02:00 Tianyi Yang <[email protected]>: >>> >>>> I ran nmap in the terminal using all kinds of discovery methods that I >>>> know, e.g. SYN ping, ACK ping, UDP ping and ICMP ping, the probed host was >>>> shown as dead for each of these. >>>> >>>> However, when simply run "ping host-ip" (which is basically ICMP >>>> probe), it worked fine. >>>> >>>> So I am wondering if bad configuration of nmap caused all the problems? >>>> Thanks a lot! >>>> >>>> TY >>>> >>>> On Tue, Nov 24, 2015 at 11:42 AM, Eero Volotinen <[email protected] >>>> > wrote: >>>> >>>>> You should use following nmap settings with root account (on openvas >>>>> machine) >>>>> >>>>> nmap -P0 -p- ip.address >>>>> >>>>> that mean -P0 = consider host alive, -p- = full tcp scan .. >>>>> >>>>> and same with vpn connection. if results are different on nmap scan >>>>> then problem is not on openvas machine. Then it's related to your network >>>>> configuration, firewall settings or routing. >>>>> >>>>> Eero >>>>> >>>>> 2015-11-24 19:26 GMT+02:00 Tianyi Yang <[email protected]>: >>>>> >>>>>> Thank you for the good suggestions! >>>>>> >>>>>> 1. I tested setting target as consider alive, full tcp scan and full >>>>>> and fast and tried again to scan over VPN, the results are exactly the >>>>>> same >>>>>> as before and no improvement. >>>>>> >>>>>> 2. I tried probing the target host with nmap over VPN, it showed "0 >>>>>> hosts up". So nmap showed the same unwanted results as openvas. Any >>>>>> suggestions on how to make changes? Thanks a lot! >>>>>> >>>>>> TY >>>>>> >>>>>> On Tue, Nov 24, 2015 at 3:57 AM, Eero Volotinen < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> It's really hard to guess all your settings and configurations. >>>>>>> >>>>>>> please set target to consider alive, full tcp scan and full and fast >>>>>>> and try again. you should also try scan same target using nmap and >>>>>>> compare >>>>>>> results. >>>>>>> >>>>>>> -- >>>>>>> Eero >>>>>>> >>>>>>> 2015-11-23 19:59 GMT+02:00 Tianyi Yang <[email protected]>: >>>>>>> >>>>>>>> Hi everyone, >>>>>>>> >>>>>>>> I was scanning a same device over VPN and through direct connect >>>>>>>> with exactly the same configurations, and found the results are >>>>>>>> essentially >>>>>>>> different. >>>>>>>> >>>>>>>> The results over VPN only catch 5 Logs in the following, i.e. >>>>>>>> 3com switch2hub (general/tcp) (Log) >>>>>>>> OS fingerprinting (general/tcp) (Log) >>>>>>>> ICMP Timestamp Detection (general/tcp) (Log) >>>>>>>> Traceroute (general/tcp) (Log) >>>>>>>> CPE Inventory (general/tcp) (Log) >>>>>>>> >>>>>>>> However, in the results when connect directly between the scanned >>>>>>>> device and the scanner host, 2 High and 11 Logs are found. In addition >>>>>>>> to >>>>>>>> those listed above, there are: >>>>>>>> Multiple NetGear ProSafe Switches Information Disclosure >>>>>>>> Vulnerability (80/tcp) (High) >>>>>>>> Report default community names of the SNMP Agent (161 tcp) (High) >>>>>>>> HTTP Server type and version (80/tcp) (Log) >>>>>>>> Services (80/tcp) (Log) >>>>>>>> Web mirroring (80/tcp) (Log) >>>>>>>> Directory Scanner (80/tcp) (Log) >>>>>>>> wapiti (NASL wrapper) (80/tcp) (Log) >>>>>>>> An SNMP Agent is running (161/udp) (Log) >>>>>>>> >>>>>>>> We see that the job over VPN has only results in locations >>>>>>>> "general/tcp". And I further found that the VPN results were >>>>>>>> independent of >>>>>>>> the port list, which means even if we specifies an EMPTY port list, the >>>>>>>> outcome is exactly the same. And I read the logs on the scanned device >>>>>>>> site >>>>>>>> and found only ports, e.g. TCP 22 and UDP 69 were probed. However, the >>>>>>>> requested ports like TCP 80 and UDP 161 were never probed over VPN. >>>>>>>> >>>>>>>> Does anyone have insights what's wrong with my scan >>>>>>>> jobs/setup/configs over VPN? I appreciate it! >>>>>>>> >>>>>>>> TY >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Openvas-discuss mailing list >>>>>>>> [email protected] >>>>>>>> >>>>>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >>
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
