Login   
 
Home » Learning Center » Tech FAQ 

Tech FAQ

Scan process very slow

The performance of a scan depends on various aspects.

  • Several port scanners were activated concurrently.

    If your are using a individual Scan Config please take care to select only a single port scanner in the famility "Port Scanner". Of course "Ping Host" can still be activated.

  • Unused IP addresses are scanned very time-consuming.

    In a first phase for each IP address it is detected whether a active system is present. In case it is not, this IP will not be scannned. Firewalls and other systems can prevent a sucessful detection. The NVT "Ping Host" (1.3.6.1.4.1.25623.1.0.100315) offers to fine-tune detection.

Scan triggers alarm at other security tools

For many vulnerability tests the behaviour of real attacks is applied. Even though a real attack does not happen, some security tools will issue an alarm.

Known examples are:

  • Symantec reports attack regarding CVE-2009-3103 if the NVT "Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability" (1.3.6.1.4.1.25623.1.0.100283) is executed. This NVT is only executed if "safe checks" is explicitely disabled in the Scan Configuration because it can affect the target system.

On scanned target systems appears a VNC dialog

When testing port 5900 or configured VNC port, a window appears on scanned target system that asks the user whether to allow the connection. This was observed for UltraVNC Version 1.0.2.

Solution: Exclude port 5900 or other configured VNC port from target specification. Alternatively upgrade to a newer version of UltraVNC would help (UltraVNC 1.0.9.6.1 only uses baloons to inform users).

After Factory Reset neither Feed-Update nor System-Upgrade works

(This is not relevant for virtual appliances where no factory reset is integrated anyway)

A Factory Reser deletes the whole system including the subscription key. The key is mandatory for Feed-Update and System-Upgrade.

  1. Reactivate subscription key:

    A backup key is delivered with each GSM appliance, usually stored on a USB Stick and lebelled with the key ID. Use this key to reactivate the GSM. The activation is described in the SetUp Guide of the respective GSM type.

  2. Update system to current version:

    Depending on the age of the factors emergency system you now need to execute the respective upgrade procedure. Details can be found here: GSM Upgrade.


Greenbone Networks GmbH © 2009-2013
All rights reserved.
Contact
FAQ