Hello Everybody,

I'm new to OpenVAS and vulnerability scanning in general. The problem that I am having is that whenever I perform a scan on my network there is a pretty big list of internal default accounts that try to access the hosts via SSH.

I set up a scan in my network and configured it as follows: I created a custom scan config using the Full and Fast template. Within that template I disabled brute force attacks, specifically ncrack: ssh and Password cracking (NASL wrappers common options).

I created a target with the following parameters:

    Reverse Lookup Only (immutable): No
    Reverse Lookup Unify (immutable): No
    Port List (immutable): All IANA assigned TCP 2012-02-10
    Alive Test: Scan Config Default
    SSH: Credentialed
    SMB: Blank
    ESXi: Blank

I selected the custom scan config when I created the task. I also modified the default_credentials.inc file and removed all of the user names and passwords from that list, as I was getting a huge list of default usernames that were attempting to scan the network. Even with all of the usernames that I deleted from that file, I still get quite a few default accounts that are still being used.

    # Username ro OpenVAS support 0 karaf root nsroot emailswitch product netscreen cisco mfg panopta.admin admin cmc rwa HPSupport

How can I disable these? Any assistance would be greatly appreciated.

Thank you,
Matelio
