[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvas-discuss
Subject:    Re: [Openvas-discuss] vulnerability scanning on non standard ports
From:       Thomas Reinke <lists () securityspace ! com>
Date:       2011-11-30 21:59:55
Message-ID: 4ED6A75B.4050807 () securityspace ! com
[Download RAW message or body]

Checks will automatically be run on any port that detects a web server.
Scans are broken down into three phases:
1) Port scan (find open ports)
2) Service identification (Id the services on open ports)
3) Vuln checks, leveraging services.

So if a web service check is run, and there are 4 ports identified
as hosting a web server, the check is run against all ports.

That's why having the proper port scan run first is critical to
getting a complete audit result.

Thomas

On 30/11/11 04:19 PM, bb.boogie wrote:
> Is there a way other than editing that actual check to scan for known
> vulnerabilities on non-standard ports? For example, I have a web server
> running apache tomcat running on port 31885 or something. Can I select
> all tomcat checks and have openvas check for them on this non-standard
> port?
>
>
>
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[prev in list] [next in list] [prev in thread] [next in thread]