LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   openvas to scan ip on internet fails (https://www.linuxquestions.org/questions/linux-security-4/openvas-to-scan-ip-on-internet-fails-4175558355/)

pgb205 11-08-2015 08:40 PM
openvas to scan ip on internet fails
 
Already verified that openvas is working when scanning local ip's.

However,scanning my ip servers on the internet does not produce any results.
Not sure I'm OpenVAS only works on local servers or anything else that i need to do to have it scan hosts on the internet?

unSpawn 11-09-2015 01:17 AM
OpenVAS doesn't come with crippled functionality in any way and will scan any host it can connect with. Since you haven't spilled any relevant details about where you're scanning from, what scan configuration you use, what your targets are and we don't know if there's any filtering along the way maybe start by doing some simple diags like ping, tcptraceroute and nmap (basic connect scan, verbose, and only select ports you know are open) your servers?..

pgb205 11-09-2015 12:59 PM
scanning remote server that's accessible on the internet (aws) from my local network.

from the server where openvas is installed i checked the following:
nmap shows 22/80 opened and I confirmed that I can access via ssh and http as well

tcptraceroute reaches the server as expected.

Based on the above I think it's clear that routing between the servers is properly setup.

on OpenVas server I tried scanning local network servers which provide expected results.
However, doing immediate scan with all the default settings terminates almost immediately with the following:
Empty reports can happen for the following reasons:
The target hosts where regarded dead.
The filter does not match any result.
A very small or non-verbose scan configuration was applied.


I also tried doing ultimate scan but that didn't help.

PS: also tried ping as suggested and it appears to be blocked.

berndbausch 11-09-2015 01:37 PM
While the only thing I know about Openvas is how it's spelt, I think this is an excellent use case for tracing. It allows you to see how Openvas is trying to check out the other side, and what error packets, if any, come back.

Code:
tcpdump -i mynetworkinterface host something.aws.com
would be my first approach. You can also save the packets to a file and analyze them later.

wireshark is a little bit like tcpdump, but much better at interpreting packets of different types, and it has a GUI with many bells and whistles.

_mime_ 12-03-2015 05:35 AM
Quote:
Originally Posted by pgb205 (Post 5447047)
PS: also tried ping as suggested and it appears to be blocked.
If that is the case, choose a different "Alive Test" when creating a target, for example "ICMP, TCP Service & ARP Ping" or just use "Consider alive".

See "docs.greenbone.net/GSM-Manual/gos-3.1/en/scanning.html" for more information about the "Alive Test"

HTH


All times are GMT -5. The time now is 05:03 AM.