21. Frequently Asked Questions

21.1. Why is the Scanning Process so Slow?

The performance of a scan depends on various aspects.

  • Several port scanners were activated concurrently.

    If an individual scan configuration is used, take care to select only a single port scanner in the family Port Scanner (see Chapter Creating a New Scan Configuration). Of course Ping Host can still be activated.

  • Unused IP addresses are scanned very time-consuming.

    In a first phase for each IP address it is detected whether an active system is present. In case it is not, this IP address will not be scanned. Firewalls and other systems can prevent a successful detection. The NVT “Ping Host” (1.3.6.1.4.1.25623.1.0.100315) offers to fine tune detection.

21.2. Why Does the Scan Trigger Alarms at Other Security Tools?

For many vulnerability tests the behaviour of real attacks is applied. Even though a real attack does not happen, some security tools will issue an alarm.

A known example is:

  • Symantec reports attack regarding CVE-2009-3103 if the NVT “Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Remote Code Execution Vulnerability” (1.3.6.1.4.1.25623.1.0.100283) is executed. This NVT is only executed if safe checks is explicitly disabled in the scan configuration because it can affect the target system.

21.3. Why Does a VNC Dialog Appear on the Scanned Target System?

When testing port 5900 or configuring a VNC port, a window appears on the scanned target system asking the user to allow the connection. This was observed for UltraVNC Version 1.0.2.

Solution: exclude port 5900 or other configured VNC ports from the target specification. Alternatively upgrading to a newer version of UltraVNC would help (UltraVNC 1.0.9.6.1 only uses balloons to inform users).

21.4. Why Does Neither Feed Update nor GOS Upgrade Work After a Factory Reset?

This is not relevant for virtual appliances where no factory reset is integrated.

A factory reset deletes the whole system including the subscription key. The key is mandatory for feed updates and GOS upgrade.

  1. Reactivate the subscription key:

    A backup key is delivered with each GSM appliance, usually stored on a USB stick and labelled with the key ID. Use this key to reactivate the GSM. The activation is described in the setup guide of the respective GSM type (see Chapter Setup Guides).

  2. Update system to current version:

    Depending on the age of the emergency system, the respective upgrade procedure has to be executed.