Hi folks,

I'm encountering a strange issue wherein ports that I'm certain are open
are not being reported as open. I have a target host where I KNOW that TCP
port 1463 is open.

I kick off a scan using a custom port list that contains only 1 TCP port,
1463, created via

omp -u admin -w *** --xml '<create_port_list> <name>scribe only</name>
<comment>scribe only</comment> <port_range>T:1463</port_range>
</create_port_list>'

I then poll for nmap commands and I see the following:

# while true; do ps auxwww | grep [n]map; sleep 1; done
root      154390  0.0  0.0  43448  5348 ?        D    01:02   0:00 nmap --reason -sP --send-ip -PE 10.56.6.40
root      154394  0.0  0.0 167000 51032 ?        S    01:02   0:00 openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/plugins/nmap.nasl)
root      154396  0.0  0.0  43584  5188 ?        R    01:02   0:00 nmap -n -P0 -oG /tmp/nmap-10.56.6.40-167506994 -sT -p T:1463 -T 3 10.56.6.40
root      154438  0.0  0.0 167528 51488 ?        S    01:02   0:00 openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/plugins/gb_nmap_os_detection.nasl)
root      154440 54.0  0.0  69620 26404 ?        S    01:02   0:00 nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 10.56.6.40


What's up with the "-O 1463,15197,25097,38204,46226,55374" part? The output
from running that nmap command in the foreground looks like:


root@22552df8a23f:/# nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 10.56.6.40

Starting Nmap 5.51 ( http://nmap.org ) at 2017-02-10 01:11 UTC
Invalid target host specification: 1463,15197,25097,38204,46226,55374
QUITTING!


That list of random ports seems to vary on each run (except for the first
number, 1463, which is consistent with what I've requested to be scanned).
Not sure where it's coming from, but I'm fairly certain that this is what's
causing the issue that I'm seeing where known open ports are not being
reported.

I'm on Ubuntu 14.04 (trusty), openvas8 built from source from the published
tarballs on http://www.openvas.org/install-source.html.

Any ideas on where that random list is coming from, and why it's not being
passed with "-p"? Is that possibly what's causing this issue or is it a red
herring?


Daniel Popescu
818-625-0823
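
Added example, not part of the original post and not OpenVAS or Nmap code: a small checker that classifies the arguments of the two nmap command lines from the ps output above. Nmap's -O flag takes no argument, so a port list placed after it is read as a target host, which matches the "Invalid target host specification" error. The function name audit_nmap_argv and the option table are assumptions made for this illustration.

```python
import re
import shlex

# Options seen in the post's command lines that consume the next argument.
# Assumption: this table covers only those commands, not all of nmap's options.
TAKES_VALUE = {"-p", "-oG", "-oN", "-T"}
# A token such as "1463,15197" or "T:1463,U:53,8000-8100".
PORT_LIST = re.compile(r"(?:[TU]:)?\d+(?:-\d+)?(?:,(?:[TU]:)?\d+(?:-\d+)?)*")

# The two scanner invocations captured in the post's ps output.
POST_COMMANDS = [
    "nmap -n -P0 -oG /tmp/nmap-10.56.6.40-167506994 -sT -p T:1463 -T 3 10.56.6.40",
    "nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O "
    "1463,15197,25097,38204,46226,55374 10.56.6.40",
]


def audit_nmap_argv(cmdline):
    """Classify arguments: ports given to -p, positional targets, and
    positional tokens that look like a port list (nmap treats those as
    target hosts, as in the "Invalid target host specification" error)."""
    argv = shlex.split(cmdline)
    if argv and argv[0].endswith("nmap"):
        argv = argv[1:]
    result = {"ports": [], "targets": [], "stray_port_lists": []}
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok in TAKES_VALUE:
            if tok == "-p" and i + 1 < len(argv):
                result["ports"].append(argv[i + 1])
            i += 2
            continue
        if tok.startswith("-p") and len(tok) > 2:  # attached form: -p1463
            result["ports"].append(tok[2:])
        elif tok.startswith("-"):                  # flag without a value, e.g. -O
            pass
        elif PORT_LIST.fullmatch(tok):
            result["stray_port_lists"].append(tok)
        else:
            result["targets"].append(tok)
        i += 1
    return result


if __name__ == "__main__":
    for cmd in POST_COMMANDS:
        print(audit_nmap_argv(cmd))
```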