20. Frequently Asked Questions

20.1. Why is the Scanning Process so Slow?

The performance of a scan depends on various aspects.

  • Several port scanners were activated concurrently.

    If an individual scan configuration is used, select only a single port scanner in the NVT family Port scanners (see Chapter 10.9.3). The NVT Ping Host can still be activated.

  • Unused IP addresses are scanned very time-consuming.

    As a first step, it is detected whether an active system is present or not for each IP address. In case it is not, this IP address will not be scanned. Firewalls and other systems can prevent a successful detection. The NVT Ping Host (1.3.6.1.4.1.25623.1.0.100315) in the NVT family Port scanners offers fine-tuning of the detection.

20.2. Why Does the Scan Trigger Alarms on Other Security Tools?

For many vulnerability tests the behaviour of real attacks is applied. Even though a real attack does not happen, some security tools will issue an alarm.

A known example is:

Symantec reports attacks regarding CVE-2009-3103 if the NVT Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Remote Code Execution Vulnerability (1.3.6.1.4.1.25623.1.0.100283) is executed. This NVT is only executed if the radiobutton No is selected for safe_checks in the scanner preferences (see Fig. 20.1). Otherwise the target system can be affected.

_images/faq.png

Fig. 20.1 Disabling the scanner preference safe_checks

20.3. Why Does a VNC Dialog Appear on the Scanned Target System?

When testing port 5900 or configuring a VNC port, a window appears on the scanned target system asking the user to allow the connection. This was observed for UltraVNC Version 1.0.2.

Solution: exclude port 5900 or other configured VNC ports from the target specification. Alternatively, upgrading to a newer version of UltraVNC would help (UltraVNC 1.0.9.6.1 only uses balloons to inform users).

20.4. How Can a Factory Reset of the GSM Be Performed?

A factory reset can be performed to erase user data securely from the GSM.

Note

Contact the Greenbone Networks Support via e-mail (support@greenbone.net) to receive detailed instructions on how to perform a factory reset.

20.5. Why Does Neither Feed Update nor GOS Upgrade Work After a Factory Reset?

A factory reset deletes the whole system including the Greenbone Security Feed (GSF) subscription key. The GSF subscription key is mandatory for feed updates and GOS upgrade.

  1. Reactivate the GSF subscription key:

    A backup key is delivered with each GSM appliance (see Chapter 7.1.1). Use this key to reactivate the GSM. The activation is described in the setup guide of the respective GSM type (see Chapter 5).

  2. Update the system to the current version:

    Depending on the GOS version, the respective upgrade procedure has to be executed.

20.6. What Can Be Done if the GOS Administration Menu Is not Displayed Correctly in PuTTY?

Check the settings in PuTTY by selecting Window > Translation in the left panel. UTF-8 has to be selected in the drop-down-list Remote character set (see Fig. 20.2).

_images/faq2.png

Fig. 20.2 Selecting the remote character set

20.7. How Can the GMP Status Be Checked Without Using Credentials?

  1. Build an SSH connection to the GSM via command line using the GMP user:

    ssh gmp@<gsm>
    

    Replace <gsm> with the IP address or DNS name of the GSM appliance.

    Note

    No input prompt is displayed but the command can be entered nevertheless.

  2. Enter <get_version/>.

    → If GMP is activated, the output should look like <get_version_response status="200" status_text="OK"><version>8.0</version></get_version_response>.