Re: [Openvas-discuss] scans take forever - sometimes...
*** Michael Meyer wrote:
> *** fschnit...@execulink.com wrote:
> >
> > Ok, so as it appears _all_ of the OpenVAS default scanner configs use
> > a default scan mode of TCP Connect (connect()). I see that what I need
> > to do for my fast scans that are firewalled, is to clone an existing
> > scan config, alter the clone, change the "TCP Scanning Technique" to SYN
> > then use that clone in my scans.
>
> Works for me...

After changing the scan config the following is executed:

    nmap -n -P0 -oG /tmp/nmap-192.168.2.110-144908050 -sS -p T:1-5 -T 3 192.168.2.110

Micha

--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] scans take forever - sometimes...
*** fschnit...@execulink.com wrote:
> Ok, so as it appears _all_ of the OpenVAS default scanner configs use
> a default scan mode of TCP Connect (connect()). I see that what I need
> to do for my fast scans that are firewalled, is to clone an existing
> scan config, alter the clone, change the "TCP Scanning Technique" to SYN
> then use that clone in my scans.

Ohh... sorry, completely overlooked. Ignore my last mail. The above should work. I'll have a look if there is a problem in the NVT or something else.

Micha

--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Re: [Openvas-discuss] scans take forever - sometimes...
*** fschnit...@execulink.com wrote:
>
> The only thing that works for me is to edit the nmap.nasl file and change:
>
>     else
>         argv[i++] = "-sT";
>
> to
>
>     else
>         argv[i++] = "-sS";

Edit the scanconfig.
Edit family "Port scanners".
Edit "Nmap (NASL wrapper)".
Change the "TCP scanning technique :" to "SYN scan".

Micha

--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Re: [Openvas-discuss] scans take forever - sometimes...
Ok, so as it appears _all_ of the OpenVAS default scanner configs use a default scan mode of TCP Connect (connect()). I see that what I need to do for my fast scans that are firewalled, is to clone an existing scan config, alter the clone, change the "TCP Scanning Technique" to SYN then use that clone in my scans.

I've done this with the Full and Fast scan config, and double checked more than once, yet when I run my task (even after restarting openvas) using my newly cloned scan config, I see it is still passing the tcp connect flag (-sT) to nmap:

    nmap -n -P0 -oG /tmp/nmap-10.10.1.1-1598147081 -sT -sU -p T:1-5,7.

The only thing that works for me is to edit the nmap.nasl file and change:

    else
        argv[i++] = "-sT";

to

    else
        argv[i++] = "-sS";

Any help would be appreciated.

ONE OTHER OFF TOPIC FEATURE REQUEST: If someone could move the garbage can icon as far away from the wrench icon as possible, it would be much appreciated. It's a little like having the nuclear missile launch button right beside the channel up button on your TV remote...

Thanks,
Ted
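Added example, not part of the original thread: a shell check for which TCP scan technique the nmap process started by the scanner was actually given, the check the message above does by eye in the process list. The function names are hypothetical and the two nmap lines in the sample are constructed.

```sh
#!/bin/sh
# Added example: report the TCP scan technique of running nmap commands.

# Print "syn" for -sS, "connect" for -sT, "unspecified" if neither flag is
# present. Combined forms such as -sSU are handled.
nmap_tcp_technique() {
    tech="unspecified"
    set -f                      # split on spaces without glob expansion
    for arg in $1; do
        case "$arg" in
            -s*)
                flags=${arg#-s}
                case "$flags" in *S*) tech="syn" ;; esac
                case "$flags" in *T*) tech="connect" ;; esac
                ;;
        esac
    done
    set +f
    printf '%s\n' "$tech"
}

# Read ps-style lines on stdin; for each nmap invocation print
# "<technique> <target>", taking the last word as the target.
audit_nmap_lines() {
    while IFS= read -r line; do
        case "$line" in
            *"nmap -"*) ;;      # an nmap command line with options
            *) continue ;;      # e.g. the openvassd "testing ..." line
        esac
        cmd="nmap -${line#*nmap -}"
        printf '%s %s\n' "$(nmap_tcp_technique "$cmd")" "${cmd##* }"
    done
}

# Sample `ps aux` output: the openvassd line is the one quoted in the
# thread; the two nmap lines are constructed for this example.
sample_ps() {
    cat <<'EOF'
root 1947 0.0 1.6 166156 50072 ? S 14:05 0:00 openvassd: testing 10.10.1.130 (/var/lib/openvas/plugins/nmap.nasl)
root 1950 1.2 0.4 40112 12040 ? S 14:05 0:01 nmap -n -P0 -oG /tmp/nmap-10.10.1.130-1 -sT -p T:1-5 -T 3 10.10.1.130
root 2011 1.1 0.4 40112 12040 ? S 14:09 0:01 nmap -n -P0 -oG /tmp/nmap-10.10.1.131-2 -sS -p T:1-5 -T 3 10.10.1.131
EOF
}

sample_ps | audit_nmap_lines
```

On a live scanner host, `ps -eo args | audit_nmap_lines` applies the same check to the running processes.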
Re: [Openvas-discuss] scans take forever - sometimes...
Hello,

Still tinkering with my ongoing slow scan issues. Basically I'm on a Kali 2 box with OpenVAS 8, NMAP 7.31. When I'm port scanning firewalls the scans take forever, 2 hours or more. I've had some recommendations to change firewall rules to REJECT instead of DROP. I've done this and it has helped the speed of NMAP scans, but no difference for OpenVAS (Full and Fast) scans.

The only thing that speeds up the OpenVAS scans is if I alter the firewall to ACCEPT packets from the scanner. But that is not ideal, and I do not always have control over the upstream firewalls.

So along with NMAP performing full scans within 15 minutes, a Nessus installation on the same Kali box also completes a full scan within 15-20 minutes. It just seems to be OpenVAS taking an exceptionally long time. Any other ideas would be appreciated...

One other thing worthy of mention: These boxes (VMs) are in a VMware Workstation test environment using NAT. So there should be no network latency.

Thanks,
Ted.
Re: [Openvas-discuss] scans take forever - sometimes...
On 15.11.2016 at 23:54, Fábio Fernandes wrote:
> It has happened to me too. Analyzing further with tcpdump and strace I
> could see that the retry speed rate seemed to be lower (maybe due to nmap
> adapting to the conditions of the network like weak connection or
> firewalls) but the same nmap command would finish in 15 to 20 minutes. I
> tried changing the timing options in the nmap portscanning plugin but
> never could confirm if it completely solved the issue as it happened only
> sometimes.

fix your firewall setting to *not drop* but reject packages from the scanner ip

> > On 10/11/2016, at 06:10, Christian Fischer wrote:
> >
> > Hi,
> >
> > On 09.11.2016 22:48, fschnit...@execulink.com wrote:
> > > A good understanding of this behaviour would be great.
> >
> > the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so
> > you might need to dig into nmap itself to see why it is sometimes faster
> > and the other time not
Re: [Openvas-discuss] scans take forever - sometimes...
It has happened to me too. Analyzing further with tcpdump and strace I could see that the retry speed rate seemed to be lower (maybe due to nmap adapting to the conditions of the network like weak connection or firewalls) but the same nmap command would finish in 15 to 20 minutes. I tried changing the timing options in the nmap portscanning plugin but never could confirm if it completely solved the issue as it happened only sometimes.

Fabio

> On 10/11/2016, at 06:10, Christian Fischer wrote:
>
> Hi,
>
> On 09.11.2016 22:48, fschnit...@execulink.com wrote:
>> A good understanding of this behaviour would be great.
>
> the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so
> you might need to dig into nmap itself to see why it is sometimes faster
> and the other time not.
>
> Regards,
>
> --
>
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Re: [Openvas-discuss] scans take forever - sometimes...
Hi,

On 09.11.2016 22:48, fschnit...@execulink.com wrote:
> A good understanding of this behaviour would be great.

the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so you might need to dig into nmap itself to see why it is sometimes faster and the other time not.

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Re: [Openvas-discuss] scans take forever - sometimes...
Hello,

I'm having trouble understanding why the same scan task/target can take so long sometimes but not other times. When I run a scan on one host using the default OpenVAS port list and the Fast and Full scan type, it can take as much as several hours or more to complete.

I can see that the scan is not hung by checking the firewall log on the box being tested as well as doing a 'ps aux | grep openvas' on the OpenVAS host. Both tests indicate that OpenVAS is using the nmap plugin - It just takes sooo long. However sometimes running the same task again, finishes within 20 minutes.

Running 'ps aux | grep openvas' returns in part:

    root 1947 0.0 1.6 166156 50072 ? S 14:05 0:00 openvassd: testing 10.10.1.130 (/var/lib/openvas/plugins/nmap.nasl)

A good understanding of this behaviour would be great.

Thanks in advance,
Ted