openvas test results
-
IIS 8 on Server 2012.
I suppose it is possible that even at 80% this is a false positive detection.
Windows update screen
The optional update is for SilverLight -
@momurda said in openvas test results:
IIS 8 on Server 2012.
I suppose it is possible that even at 80% this is a false positive detection.
Windows update screen
The optional update is for SilverLightIt could be that Microsoft hasn't released those updates for 2012. Isn't 2012 only covered under extended support now?
Edit: Answering my own question, normal support for 2012/2012R2 ends in 2018.
Accordingly, you should be able to apply those updates.
-
I think they are applied and that openvas is being dumb.
-
The updates that openvas says are missing are actually installed.
and
-
Does anyone still have an OpenVAS scanner going?
-
I use mine every couple weeks. It is off right now
-
@momurda said in openvas test results:
I use mine every couple weeks. It is off right now
I'm asking because I don't have anything set up, and was curious if anyone could do a non-intrusive vunlerability scan against my VPSs, one on GCP and one on turnkeyinternet?
I'd like to compare the results...
-
If you give me ip and port i can setup and run a scan. It is incredibly slow here this week. I shouldnt even be in the office.
-
@momurda said in openvas test results:
If you give me ip and port i can setup and run a scan. It is incredibly slow here this week. I shouldnt even be in the office.
See what comes up just from that info.
-
Ok scanning now
edit: openvas tripped the IPS and got banned from all net activity for 20 minutes while scanning these sites, so it was working. -
@momurda said in openvas test results:
Ok scanning now
edit: openvas tripped the IPS and got banned from all net activity for 20 minutes while scanning these sites, so it was working.Okay, I will see about turning it off later today. I'll let you know. Thanks for trying.
-
@tim_g I meant my IPS. It has resumed scanning after the 20 minute ban.
-
@momurda said in openvas test results:
@tim_g I meant my IPS. It has resumed scanning after the 20 minute ban.
Ah I see
-
These scans take about 50x as long over the internet as internally, even over a Gb WAN connection.
Do you want me to post results here as screenies or do you want a pdf pm to you? -
@momurda said in openvas test results:
These scans take about 50x as long over the internet as internally, even over a Gb WAN connection.
Do you want me to post results here as screenies or do you want a pdf pm to you?Don't publicly post them!
-
@momurda said in openvas test results:
These scans take about 50x as long over the internet as internally, even over a Gb WAN connection.
Do you want me to post results here as screenies or do you want a pdf pm to you?It depends on the results.
If it's just saying "hey these are the open ports", public is fine. I can already tell you SSH, Cockpit, Salt, and MC ports are open on the one VPS... as they should be.
If it gets deep into things that are a real vulnerability, that are fixable, then I'd rather keep private until I can fix them... then I or you can post them publicly.
-
Ok you can decide, ill send them when done. One is at 98%, the other 16%.
So far i have had to lower QoD to 0 and include Log and FP to get anything to show on results page.
