8. Frequently Asked Questions

8.1. Which Ports Are Necessary for the Communication Between the Greenbone Scan Cluster (GSC) and the VPN Gateway?

The gateway uses the following outgoing connections:

  • Outgoing tcp 443 to 45.135.106.140 (GSC)

  • Outgoing tcp 443 to 51.105.147.116 (GCS ADN)

  • Outgoing tcp 443 to 13.69.64.90 (update service)

8.2. Which Technology Is Used for the VPN Connection?

An SSH Layer 2 based VPN is used for the VPN connection.

8.3. What Has to Be Done if MAC-NAT Does Not Work?

With gateway version 1.5 or higher there are usually no problems.

If MAC-NAT does not work, the checkbox Use MAC-NAT has to be deselected when creating a gateway and the following settings have to be configured in VMware ESXi or Oracle VirtualBox:

In VMware ESXi:

  • Create a separate Port Group for the gateway and connect the gateway to it.

  • Change the settings Promiscuous mode and Forged transmits for the port group to Accept.

In Oracle VirtualBox:

  • In the network settings, open Advanced and change the setting Promiscuous Mode to Allow All.

8.4. What Happens to the User Account When the Subscription Ends?

When the subscription ends, the user can still log in and see all completed reports. The starting of new scans is no longer possible.

If the account is not used anymore, it is deleted after a certain time. The user will receive a notification beforehand.

8.5. Why is the Scanning Process so Slow?

The performance of a scan depends on various aspects. One possible reason is the time-consuming scanning of unused IP addresses.

To avoid this, a “Discovery” scan should be performed before the actual scan. This scan detects for each IP address whether it is active or not. Inactive IP addresses will not be scanned during the actual scan.

Firewalls and other systems can prevent a successful detection.

8.6. Why Does a VNC Dialog Appear on the Scanned Target System?

When testing port 5900 or configuring a VNC port, a window appears on the scanned target system asking the user to allow the connection. This was observed for UltraVNC Version 1.0.2.

Solution: exclude port 5900 or other configured VNC ports from the target specification. Alternatively, upgrading to a newer version of UltraVNC would help (UltraVNC 1.0.9.6.1 only uses balloons to inform users).

8.7. Why Does the Scan Trigger Alarms on Other Security Tools?

For many vulnerability tests the behaviour of real attacks is applied. Even though a real attack does not happen, some security tools will issue an alarm.

A known example is:

Symantec reports attacks regarding CVE-2009-3103 if the VT Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Remote Code Execution Vulnerability (1.3.6.1.4.1.25623.1.0.100283) is executed. This VT is only executed if VTs that may cause damage to the host system are enabled by the scan configuration. Otherwise the target system can be affected.