Re: [Openvas-discuss] scans take forever - sometimes...

2016-12-01 Thread Michael Meyer
*** Michael Meyer wrote:
> *** fschnit...@execulink.com wrote:
> 
> > Ok, so as it appears _all_ of the OpenVAS default scanner configs use
> > a default scan mode of TCP Connect (connect()). I see that what I need
> > to do for my fast scans that are firewalled, is to clone an existing
> > scan config, alter the clone, change the "TCP Scanning Technique" to SYN
> > then use that clone in my scans.
> 

Works for me...

After changing the scan config the following is executed:

nmap -n -P0 -oG /tmp/nmap-192.168.2.110-144908050 -sS -p T:1-5 -T 3 192.168.2.110

Micha

-- 
Michael Meyer  OpenPGP Key: 0xAF069E9152A6EFA6 
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
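
Added example (not written by any poster in this thread): a small POSIX shell check that reads process command lines, such as the output of `ps -eo args`, and reports whether each nmap invocation asks for a SYN or a connect() scan, which is the comparison the posters made by hand. The function names are hypothetical, and the sample lines are the ones quoted in the messages of this thread.

```shell
#!/bin/sh
# Added example: report the scan technique on each nmap command line read from
# stdin, so a cloned scan config can be checked against what openvassd ran.

# Print "<target> <tcp-technique>[+udp]" for one command line; return 2 if the
# line is not an nmap invocation. "default" means no -sS/-sT was passed.
nmap_technique() {
    tcp="default" udp="" target="?" seen=0 skip=0
    set -f                               # no globbing while word-splitting $1
    for arg in $1; do
        if [ "$seen" -eq 0 ]; then       # ignore ps columns before the binary
            case "$arg" in nmap|*/nmap) seen=1 ;; esac
            continue
        fi
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$arg" in
            -oG|-oN|-oX|-oA|-p|-T) skip=1 ;;   # option value follows
            -s*)                               # -sS, -sT, -sU or combined (-sSU)
                case "$arg" in -s*S*) tcp="syn" ;; esac
                case "$arg" in -s*T*) tcp="connect" ;; esac
                case "$arg" in -s*U*) udp="+udp" ;; esac ;;
            -*) ;;
            *) target="$arg" ;;
        esac
    done
    set +f
    [ "$seen" -eq 1 ] || return 2
    printf '%s %s%s\n' "$target" "$tcp" "$udp"
}

# Summarise every nmap line on stdin; exit status 1 if any uses connect().
audit_scan_technique() {
    rc=0
    while IFS= read -r line; do
        result=$(nmap_technique "$line") || continue
        printf '%s\n' "$result"
        case "$result" in *" connect"*) rc=1 ;; esac
    done
    return "$rc"
}

# Sample input: lines quoted in this thread (the last one is cut off there).
sample_lines() {
    cat <<'EOF'
root 1947 0.0 1.6 166156 50072 ? S 14:05 0:00 openvassd: testing 10.10.1.130 (/var/lib/openvas/plugins/nmap.nasl)
nmap -n -P0 -oG /tmp/nmap-192.168.2.110-144908050 -sS -p T:1-5 -T 3 192.168.2.110
nmap -n -P0 -oG /tmp/nmap-10.10.1.1-1598147081 -sT -sU -p T:1-5,7.
EOF
}

sample_lines | audit_scan_technique || echo "connect() scan still in use"
```

On the scanner host, `ps -eo args | audit_scan_technique` applies the same check to the processes running during a task.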


Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-30 Thread Michael Meyer
*** fschnit...@execulink.com wrote:

> Ok, so as it appears _all_ of the OpenVAS default scanner configs use
> a default scan mode of TCP Connect (connect()). I see that what I need
> to do for my fast scans that are firewalled, is to clone an existing
> scan config, alter the clone, change the "TCP Scanning Technique" to SYN
> then use that clone in my scans.

Ohh...sorry, completely overlooked.  Ignore my last mail. The above should work.
I'll have a look if there is a problem in the NVT or something else.

Micha



Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-30 Thread Michael Meyer
*** fschnit...@execulink.com wrote:
> 
> The only thing that works for me is to edit the nmap.nasl file and change:
>     else
>         argv[i++] = "-sT";
> to
>     else
>         argv[i++] = "-sS";

Edit the scanconfig. Edit family "Port scanners". Edit "Nmap (NASL
wrapper)". Change the "TCP scanning technique :" to "SYN scan".

Micha



Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-30 Thread fschnittke


Ok, so as it appears _all_ of the OpenVAS default scanner configs use
a default scan mode of TCP Connect (connect()). I see that what I need
to do for my fast scans that are firewalled, is to clone an existing
scan config, alter the clone, change the "TCP Scanning Technique" to SYN
then use that clone in my scans.

I've done this with the Full and Fast scan config, and double checked
more than once, yet when I run my task (even after restarting openvas)
using my newly cloned scan config, I see it is still passing the tcp
connect flag (-sT) to nmap:

nmap -n -P0 -oG /tmp/nmap-10.10.1.1-1598147081 -sT -sU -p T:1-5,7.

The only thing that works for me is to edit the nmap.nasl file and change:

    else
        argv[i++] = "-sT";

to

    else
        argv[i++] = "-sS";

Any help would be appreciated.

ONE OTHER OFF TOPIC FEATURE REQUEST:
If someone could move the garbage can icon as far away from the wrench
icon as possible, it would be much appreciated. It's a little like
having the nuclear missile launch button right beside the channel up
button on your TV remote...

Thanks,

Ted

Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-30 Thread fschnittke
Hello,

Still tinkering with my ongoing slow scan issues. Basically I'm on a
Kali 2 box with OpenVAS 8, NMAP 7.31. When I'm port scanning firewalls
the scans take forever, 2 hours or more.

I've had some recommendations to change firewall rules to REJECT instead
of DROP. I've done this and it has helped the speed of NMAP scans, but
no difference for OpenVAS (Full and Fast) scans. The only thing that
speeds up the OpenVAS scans is if I alter the firewall to ACCEPT packets
from the scanner. But that is not ideal, and I do not always have
control over the upstream firewalls.

So along with NMAP performing full scans within 15 minutes, a Nessus
installation on the same Kali box also completes a full scan within
15-20 minutes. It just seems to be OpenVAS taking an exceptionally long
time.

Any other ideas would be appreciated...

One other thing worthy of mention: These boxes are VMs in a VMWare
Workstation test environment using NAT. So there should be no network
latency.

Thanks,

Ted.


Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-15 Thread Reindl Harald



On 15.11.2016 at 23:54, Fábio Fernandes wrote:
> It has happened to me too. Analyzing further with tcpdump and strace I could
> see that the retry speed rate seemed to be lower (maybe due to nmap adapting to
> the conditions of the network like weak connection or firewalls) but the same
> nmap command would finish in 15 to 20 minutes. I tried changing the timing
> options in the nmap portscanning plugin but never could confirm if it
> completely solved the issue as it happened only sometimes.

fix your firewall setting to *not drop* but reject packages from the
scanner ip

> On 10/11/2016, at 06:10, Christian Fischer wrote:
>>
>> Hi,
>>
>> On 09.11.2016 22:48, fschnit...@execulink.com wrote:
>>> A good understanding of this behaviour would be great.
>>
>> the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so
>> you might need to dig into nmap itself to see why it is sometimes faster
>> and the other time not



Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-15 Thread Fábio Fernandes
It has happened to me too. Analyzing further with tcpdump and strace I could 
see that the retry speed rate seemed to be lower (maybe due to nmap adapting to 
the conditions of the network like weak connection or firewalls) but the same 
nmap command would finish in 15 to 20 minutes. I tried changing the timing 
options in the nmap portscanning plugin but never could confirm if it 
completely solved the issue as it happened only sometimes.

Fabio
 
> On 10/11/2016, at 06:10, Christian Fischer wrote:
> 
> Hi,
> 
> On 09.11.2016 22:48, fschnit...@execulink.com wrote:
>> A good understanding of this behaviour would be great.
> 
> the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so
> you might need to dig into nmap itself to see why it is sometimes faster
> and the other time not.
> 
> Regards,
> 
> -- 
> 
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner


Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-09 Thread Christian Fischer
Hi,

On 09.11.2016 22:48, fschnit...@execulink.com wrote:
> A good understanding of this behaviour would be great.

the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so
you might need to dig into nmap itself to see why it is sometimes faster
and the other time not.

Regards,

-- 

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner


Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-09 Thread fschnittke
Hello, 

I'm having trouble understanding why the same scan task/target can take
so long sometimes but not other times.

When I run a scan on one host using the default OpenVAS port list and
the Fast and Full scan type, it can take as much as several hours or
more to complete. I can see that the scan is not hung by checking the
firewall log on the box being tested as well as doing a
'ps aux | grep openvas' on the OpenVAS host. Both tests indicate that
OpenVAS is using the nmap plugin - It just takes sooo long. However
sometimes running the same task again finishes within 20 minutes.

Running 'ps aux | grep openvas' returns in part:

root 1947 0.0 1.6 166156 50072 ? S 14:05 0:00 openvassd: testing 10.10.1.130 (/var/lib/openvas/plugins/nmap.nasl)

A good understanding of this behaviour would be great.

Thanks in advance, 

Ted 