On 22/03/13 12:36 PM, Michael Meyer wrote:
Hi Vivek,
*** Vivek Umasuthan wrote:
On 22/03/13 11:21 AM, Michael Meyer wrote:
*** Vivek Umasuthan wrote:
[I am sorry that the message seems a bit cryptic. I can't disclose the
port number or the name of the software but I will provide as much
info as you need if you can help].
Without knowing which software is running at this HTTP Port, it's hard
to say what could be the problem. Maybe we just don't have a NVT for
this software.
Thanks for the reply Micha. I understand. I've been using OpenVAS
for a while now and I know that if the there is a web server on port
80, OpenVAS will tell you so in Log messages (regardless of whether
there were any vulnerabilities found).
OpenVAS will report this for every open port where a HTTP server was
found. Not only for port 80.
It did not do so here and that is why I came to the conclusion that
perhaps OpenVAS isn't aware that there is a service behind these ports
(they are TCP ports above 10000).
OpenVAS test every open port for http services. Is it a SSL based
service? Then it could be that OpenVAS doesn't detect this and speak
plain HTTP to this port.
If it is a SSL based service, see the "Test SSL based services" option
in your scan config and change this from "Known SSL ports" to "All".
Thanks for the reply Micha. I have set this value and am proceeding to
do the scan.
I have another question. When we configure the targets, there is a 'port
range' value. Does the default include all TCP/UDP ports or only the
well known ones?
Maybe there is some of other problem with the detection of this HTTP
service. Maybe the response is not what OpenVAS expected for a HTTP service.
But as long as i dind't know about which service you are speaking i can only
guess.
The banner of this http service would be interesting and helpfull.
The service is a web server and it is the Jetty web server that I'm
trying to scan. It's listening on a non-default port. Only HTTPS is
available. HTTP is not.
How can I get you this banner? I will check if it can be provided and
send it.
Vivek
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
