[Openvas-discuss] Not scanning machines which don't respond to pings

Michael Meyer michael.meyer at greenbone.net
Sat Aug 11 11:51:26 CEST 2012


*** Whit Blauvelt wrote:

> Having a baseline scan that skips IPs that don't respond to pings
> assumes that everyone will leave ping response on across their IP
> range.

ping_host.nasl first sends an ICMP ping. If there is no answer, it
looks if one of the following ports is open.

"139, 135, 445, 80, 22, 515, 23, 21, 6000, 1025, 25, 111, 1028, 9100,
1029, 79, 497, 548, 5000, 1917, 53, 161, 9001, 65535, 443, 113, 993,
8080, 0"

Only if even that fails will ping_host.nasl mark a host as dead.

> Ping is off for a large percentage of public IPs that yet have services exposed.

Really? How many (in %) do you think don't answer to ping? Where did you
get this information?

Not allowing ping makes _no_ security gain. Denying ICMP is mainly
only useful in the "Security By Obscurity" model. "Security By
Obscurity", however, is completely useless.

Micha

-- 
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
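
The decision order described in the message above (ICMP first, then the listed TCP ports, then "dead"), as an added Python example that is not part of the original post and is not OpenVAS or ping_host.nasl code. The names host_state, tcp_port_open, no_icmp and demo are hypothetical, the ICMP probe is passed in as a callable, and a full connect() is an assumed probe method since the message does not say how the ports are tested.

```python
import socket

# Port list exactly as quoted in the message above, in the same order.
FALLBACK_PORTS = [int(p) for p in (
    "139, 135, 445, 80, 22, 515, 23, 21, 6000, 1025, 25, 111, 1028, 9100, "
    "1029, 79, 497, 548, 5000, 1917, 53, 161, 9001, 65535, 443, 113, 993, "
    "8080, 0").split(",")]

def tcp_port_open(host, port, timeout=1.0):
    """True if a full TCP connect to host:port succeeds (assumed probe method)."""
    if port == 0:  # not reachable with an ordinary connect(); skipped here
        return False
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def host_state(host, icmp_probe, tcp_probe=tcp_port_open, ports=FALLBACK_PORTS):
    """Return (alive, reason): ICMP answer, else first open listed port, else dead."""
    if icmp_probe(host):
        return True, "icmp"
    for port in ports:
        if tcp_probe(host, port):
            return True, f"tcp/{port}"
    return False, "dead"

def no_icmp(host):
    """Constructed stand-in for a host that drops echo requests."""
    return False

def demo():
    """Constructed case: loopback listener, ICMP 'off', its port on the probe list."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        return port, host_state("127.0.0.1", no_icmp, ports=[port])
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
    # Constructed coverage gap: ICMP dropped and the only service is on a port
    # that is not in the list (8443), so the host is skipped as dead.
    print(host_state("192.0.2.10", no_icmp, tcp_probe=lambda h, p: p == 8443))
```

The second call in the main block shows the case to check in a scan report: a host marked dead here is one that neither answered ICMP nor had any of the listed ports open.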


