Re: [Openvas-plugins] Port 9999 OpenVAS scan
Hi, i had a chance to get a hand on a OpenBSD 6.3 system and implemented a detection for this pfstatd service. With the next feed update the following NVT should be able to detect that service as long it isn't responding with something completely different on your system: Name: Service Detection with 'GET' Request OID: 1.3.6.1.4.1.25623.1.0.17975 Regards, On 16.02.2018 14:12, Christian Fischer wrote: > Hi, > > On 14.02.2018 11:26, Andreas Roed wrote: >> Its the first one with the banner. I would rather not send the banner, as it >> is actually a bunch of information about my interfaces and statistics on >> data. >> >> i hope that is okay. > > unfortunately that won't help us that much as no service detection can > be implemented without knowing the data the service returns. And even if > we setup an OpenBSD its not sure if we got the same setup like yours. > > Maybe you could anonymize the output or only partly paste the data of > the banner in here without sensitive data? > > As an alternative you could also search on public search engines like > https://www.shodan.io/ or https://censys.io/ipv4 for some pattern and > provide such a system here which is similar to yours. > > Regards, > >> Br >> Andreas >> >> >>> On 14 Feb 2018, at 17.31, Christian Fischer >>> wrote: >>> >>> Hi, >>> >>> On 14.02.2018 01:03, Andreas Roed wrote: I am new to OpenVAS and wanted to try it out. When I did a scan of my OpenBSD router, it found my pfstat running. OpenVAS didn’t know what it was and asked me to send the status to this email. >>> >>> thanks for your reply. There are two NVTs concerning services which are >>> asking to providing info to this mailinglist: >>> >>> Report banner of unknown services, OID: 1.3.6.1.4.1.25623.1.0.11154 >>> OS Detection Consolidation and Reporting, OID: 1.3.6.1.4.1.25623.1.0.105937 >>> >>> As you havn't provided the log message of those it wasn't really clear >>> from your post that you would like to report such an unknown service. >>> >>> Any chances to provide the info in witch context OpenVAS asked you to >>> send the status to this mailinglist and the output of this? >>> >>> Thanks again, >>> >>> Regards >>> > On 14 Feb 2018, at 03.12, Christian Fischer > wrote: > > Hi, > >> On 12.02.2018 13:19, Andreas Roed wrote: >> I had opened for port by mistake and openvas found it. The service >> running on it is the stats module of PF (Packet Filter) on my OpenBSD > > could you provide some more context for this post like: > > 1. Whats the reason for your post? > 2. What outcome are you expecting? > 3. Any additional information you would like provide? > > Regards, >>> >>> -- >>> >>> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD >>> Greenbone Networks GmbH | http://greenbone.net >>> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 >>> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner >> > -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-plugins mailing list Openvas-plugins@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
Re: [Openvas-plugins] Port 9999 OpenVAS scan
Hi, On 14.02.2018 11:26, Andreas Roed wrote: > Its the first one with the banner. I would rather not send the banner, as it > is actually a bunch of information about my interfaces and statistics on > data. > > i hope that is okay. unfortunately that won't help us that much as no service detection can be implemented without knowing the data the service returns. And even if we setup an OpenBSD its not sure if we got the same setup like yours. Maybe you could anonymize the output or only partly paste the data of the banner in here without sensitive data? As an alternative you could also search on public search engines like https://www.shodan.io/ or https://censys.io/ipv4 for some pattern and provide such a system here which is similar to yours. Regards, > Br > Andreas > > >> On 14 Feb 2018, at 17.31, Christian Fischer >> wrote: >> >> Hi, >> >> On 14.02.2018 01:03, Andreas Roed wrote: >>> I am new to OpenVAS and wanted to try it out. When I did a scan of my >>> OpenBSD router, it found my pfstat running. OpenVAS didn’t know what it was >>> and asked me to send the status to this email. >> >> thanks for your reply. There are two NVTs concerning services which are >> asking to providing info to this mailinglist: >> >> Report banner of unknown services, OID: 1.3.6.1.4.1.25623.1.0.11154 >> OS Detection Consolidation and Reporting, OID: 1.3.6.1.4.1.25623.1.0.105937 >> >> As you havn't provided the log message of those it wasn't really clear >> from your post that you would like to report such an unknown service. >> >> Any chances to provide the info in witch context OpenVAS asked you to >> send the status to this mailinglist and the output of this? >> >> Thanks again, >> >> Regards >> On 14 Feb 2018, at 03.12, Christian Fischer wrote: Hi, > On 12.02.2018 13:19, Andreas Roed wrote: > I had opened for port by mistake and openvas found it. The service > running on it is the stats module of PF (Packet Filter) on my OpenBSD could you provide some more context for this post like: 1. Whats the reason for your post? 2. What outcome are you expecting? 3. Any additional information you would like provide? Regards, >> >> -- >> >> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD >> Greenbone Networks GmbH | http://greenbone.net >> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 >> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-plugins mailing list Openvas-plugins@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
Re: [Openvas-plugins] Port 9999 OpenVAS scan
Hi, On 14.02.2018 01:03, Andreas Roed wrote: > I am new to OpenVAS and wanted to try it out. When I did a scan of my OpenBSD > router, it found my pfstat running. OpenVAS didn’t know what it was and asked > me to send the status to this email. thanks for your reply. There are two NVTs concerning services which are asking to providing info to this mailinglist: Report banner of unknown services, OID: 1.3.6.1.4.1.25623.1.0.11154 OS Detection Consolidation and Reporting, OID: 1.3.6.1.4.1.25623.1.0.105937 As you havn't provided the log message of those it wasn't really clear from your post that you would like to report such an unknown service. Any chances to provide the info in witch context OpenVAS asked you to send the status to this mailinglist and the output of this? Thanks again, Regards >> On 14 Feb 2018, at 03.12, Christian Fischer >> wrote: >> >> Hi, >> >>> On 12.02.2018 13:19, Andreas Roed wrote: >>> I had opened for port by mistake and openvas found it. The service >>> running on it is the stats module of PF (Packet Filter) on my OpenBSD >> >> could you provide some more context for this post like: >> >> 1. Whats the reason for your post? >> 2. What outcome are you expecting? >> 3. Any additional information you would like provide? >> >> Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-plugins mailing list Openvas-plugins@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
Re: [Openvas-plugins] Port 9999 OpenVAS scan
Hi, On 12.02.2018 13:19, Andreas Roed wrote: > I had opened for port by mistake and openvas found it. The service > running on it is the stats module of PF (Packet Filter) on my OpenBSD could you provide some more context for this post like: 1. Whats the reason for your post? 2. What outcome are you expecting? 3. Any additional information you would like provide? Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-plugins mailing list Openvas-plugins@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins