Hi,
I recently created an internal network with VirtualBox for scanning
purposes.
I installed three virtual machines and I organized my internal network into
two subnets.
It's a quick and easy solution in order to learn the fundamental techniques
of scanning.
I decided to install OpenVAS 9 as the vulnerability scanner in the virtual
machine running Kali.
I subsequently installed Debian in the second virtual host and OpenBSD in
the last virtual machine. Obviously, the machine running OpenBSD acts as a
router, making it possible to simulate a real environment in which several
scanning tasks can involve one or more subnets.
In my case, the first subnet consists of a single host (i.e. the Kali virtual
machine) with address 192.168.10.2/24.
The second subnet also consists of a single host (i.e. the Debian virtual
machine) with address 192.168.11.2/24; this one will be the target for my
scanning activities.
Then I configured the two interfaces of the OpenBSD virtual machine as
gateways.
So far so good, everything about host reachability works correctly.
As an additional step, I blocked all ICMP packets, including ping requests,
on the Debian host through the following command:

iptables -A INPUT -p icmp -j DROP

Disabling ping requests on a target host is useful if we want to practice
with OpenVAS.
While I was executing a "Full and Fast scan" on my Debian target, I noticed
that there were no ping requests at the beginning of the scan from the Kali
host, but TCP-SYN packets instead, despite having selected "Scan Config
Default" as "Alive Test".
I analyzed all the traffic with Wireshark.
The OpenVAS documentation mentions ICMP ping as the default preference.
Is it possible that the default preference has been set to TCP ping in
OpenVAS 9?
Thanks in advance, Luca