OS detections adds 5 random ports to commandline: http://plugins.openvas.org/nasl.php?oid=108021
-- Eero 2017-02-10 3:24 GMT+02:00 Dan ½ <[email protected]>: > Hi folks, > > I'm encountering a strange issue wherein ports that I'm certain are open > are not being reported as open. I have a target host where I KNOW that TCP > port 1463 is open. > > I kick off a scan using a custom port list that contains only 1 TCP port, > 1463, created via > > omp -u admin -w *** --xml '<create_port_list> <name>scribe only</name> > <comment>scribe only</comment> <port_range>T:1463</port_range> > </create_port_list>' > > I then poll for nmap commands and I see the following: > > # while true; do ps auxwww | grep [n]map; sleep 1; done > root 154390 0.0 0.0 43448 5348 ? D 01:02 0:00 nmap > --reason -sP --send-ip -PE 10.56.6.40 > root 154394 0.0 0.0 167000 51032 ? S 01:02 0:00 > openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/pl > ugins/nmap.nasl) > root 154396 0.0 0.0 43584 5188 ? R 01:02 0:00 nmap -n > -P0 -oG /tmp/nmap-10.56.6.40-167506994 -sT -p T:1463 -T 3 10.56.6.40 > root 154438 0.0 0.0 167528 51488 ? S 01:02 0:00 > openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/pl > ugins/gb_nmap_os_detection.nasl) > root 154440 54.0 0.0 69620 26404 ? S 01:02 0:00 nmap -n > -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 > 10.56.6.40 > > > What's up with the "-O 1463,15197,25097,38204,46226,55374" part? The > output from running that nmap command in the foreground looks like: > > > root@22552df8a23f:/# nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O > 1463,15197,25097,38204,46226,55374 10.56.6.40 > > Starting Nmap 5.51 ( http://nmap.org ) at 2017-02-10 01:11 UTC > Invalid target host specification: 1463,15197,25097,38204,46226,55374 > QUITTING! > > > That list of random ports seems to vary on each run (except for the first > number, 1463, which is consistent with what i've requested to be scanned). > Not sure where it's coming from, but I'm fairly certain that this is what's > causing the issue that I'm seeing where known open ports are not being > reported. > > I'm on ubuntu 14.04 (trusty), openvas8 built from source on the published > tarballs on http://www.openvas.org/install-source.html. > > Any ideas on where that random list is coming from? and why it's not being > passed with "-p"? Is that possibly what's causing this issue or is it a red > herring? > > > Daniel Popescu > 818-625-0823 > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
