SMTP problems not discovered
deepak
2014-07-25 15:35:02 UTC
Hi,

I have a target host that runs an SMTP server on port 25. I have the
target configured with "All IANA assigned TCP and UDP 2012-02-10
<https://10.25.25.159:9392/omp?cmd=get_port_list&port_list_id=4a4717fe-57d2-11e1-9a26-406186ea4fc5&token=22433b51-ac0f-494e-b727-e11b89fb0fb0>"
port list, so it should include port 25.


I created a task with the above target and "Full and very deep ultimate"
scan config, which should include running SMTP related tests.
However, I do not see any SMTP related log messages in the results. When I
manually test the target's SMTP, I see that it replies to
EXPN command and this should have been detected. Moreover, it should have
at least logged a "log" level message saying that it found an SMTP server,
which I don't see in the results. I suspect the related family of NVTs
isn't being run at all.

I have made sure that the target host and port are reachable from the host
where openvas is installed (I can telnet to it).

Anything I'm missing?


--
Deepak
Brandon Perry
2014-07-25 15:39:28 UTC
Does it respond to ICMP pings? OpenVAS may be skipping it due to no
response from a ping.
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
deepak
2014-07-25 15:44:29 UTC
From command line, yes. However I had to configure the target's "Alive
Test:" to be "Consider Alive" because it always logged "host is dead" or
such when it was left with the default "Scan Config Default".


Thanks,
Deepak
Brandon Perry
2014-07-25 15:45:42 UTC
So configuring the target to be considered alive resolved the issue?
deepak
2014-07-25 15:52:47 UTC
I don't see the "host is dead" message in the logs anymore.

In the report, I expected at least two things to pop up:

SMTP server accepts us, OID: 1.3.6.1.4.1.25623.1.0.18528

Check if Mailserver answer to VRFY and EXPN requests, OID:
1.3.6.1.4.1.25623.1.0.100072
(manual testing reveals that the server responds to EXPN)

Since I don't see either of them, I suspect that it's not detecting the
SMTP server or it's not running any SMTP specific tests...

--
Deepak
Jan-Oliver Wagner
2014-08-03 19:23:42 UTC
Post by deepak
I don't see the "host is dead" message in the logs anymore.
SMTP server accepts us, OID: 1.3.6.1.4.1.25623.1.0.18528
1.3.6.1.4.1.25623.1.0.100072
(manual testing reveals that the server responds to EXPN)
Since I don't see either of them, I suspect that it's not detecting the
SMTP server or it's not running any SMTP specific tests...

The log results should at least say there is an SMTP service.

Have you tried with just Full&Fast and not an aggressive scan?

You could even just run the "Discovery" scan as a faster way
to see whether it is found.
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
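
One way to triage an exported report for the symptom discussed in this thread, as an added example that is not part of the original posts or of OpenVAS: it checks whether any result was recorded on 25/tcp and whether the two NVT OIDs quoted above appear. The `result`/`host`/`port`/`nvt oid` layout is an assumed, simplified report structure, and the sample report, host address and placeholder OIDs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# NVT OIDs quoted in the thread, with the names given there.
EXPECTED = {
    "1.3.6.1.4.1.25623.1.0.18528": "SMTP server accepts us",
    "1.3.6.1.4.1.25623.1.0.100072":
        "Check if Mailserver answer to VRFY and EXPN requests",
}

# Constructed sample report (assumed, simplified layout; host is a placeholder).
SAMPLE_REPORT = """<report><results>
  <result><host>192.0.2.10</host><port>general/tcp</port>
    <nvt oid="PLACEHOLDER-OID-1"><name>constructed entry</name></nvt></result>
  <result><host>192.0.2.10</host><port>ssh (22/tcp)</port>
    <nvt oid="PLACEHOLDER-OID-2"><name>constructed entry</name></nvt></result>
</results></report>"""

PORT_RE = re.compile(r"(\d+)/(tcp|udp)")


def triage(report_xml, host, port=25, proto="tcp"):
    """Return (ports_with_results, missing_expected_oids, verdict) for one host."""
    ports, seen_oids = set(), set()
    for result in ET.fromstring(report_xml).iter("result"):
        if (result.findtext("host") or "").strip() != host:
            continue
        m = PORT_RE.search(result.findtext("port") or "")
        if m:  # "general/tcp" entries carry no port number and are skipped
            ports.add((int(m.group(1)), m.group(2)))
        nvt = result.find("nvt")
        if nvt is not None:
            seen_oids.add(nvt.get("oid"))
    missing = sorted(oid for oid in EXPECTED if oid not in seen_oids)
    if not ports:
        verdict = "no port-level results: host may have been skipped by the alive test"
    elif (port, proto) not in ports:
        verdict = "port never reported: check port list and port scanner results"
    elif missing:
        verdict = "port reported but expected NVTs silent: check scan config families"
    else:
        verdict = "expected NVTs reported"
    return ports, missing, verdict


if __name__ == "__main__":
    ports, missing, verdict = triage(SAMPLE_REPORT, "192.0.2.10")
    print(sorted(ports), verdict)
    print("missing:", [(oid, EXPECTED[oid]) for oid in missing])
```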