Security Basics mailing list archives

Re: MBSA incomplete scans


From: sprocklab <sprocklab () gmail com>
Date: Tue, 16 Jan 2007 23:27:43 -0500

Hey Hari,
I'm not too familiar with MBSA, but have you tried to look at the Windows Firewall Log (for reference: http://support.microsoft.com/kb/875357) to check to see what happens when you run MBSA on a particular workstation? The Windows Firewall Log should indicate the IP that tried to connect, the ports MBSA tried to connect with and whether or not it was allowed to connect. This can confirm what the XP firewall is doing when it receives an incoming request. You may find something different than what you observed?

I hope this helps..

Fabian

On Jan 16, 2007, at 6:19 AM, Hari Sekhon wrote:

I'm using MBSA, which I have used for quite a long time previously. I'm however having a spot of trouble in my latest network audit with it. I'm using the latest version against XP SP2 clients with firewalls enabled. I get:

"Incomplete Scan (Could not complete one or more requested checks)"

I know this is because MBSA cannot contact the agent on the target machines and this is because of the firewalls, but I have defined port exceptions at the domain level via group policy for file and printer sharing, which opens up UDP ports 137, 138 and TCP 139 and 445. I have also made an explicit rule to open up TCP port 135 for my workstation, as well as defining to allow a remote administration exception in the firewall for my workstation. This should be all 5 ports needed to get the scan done properly but it is not working.

I can see the exceptions in the client's firewall and I can scan the client using a port scanner and verify that all 5 ports are open. If I take the firewall down completely then it works, but I can't really leave all the machines like this or do this every time I want to do another scan. I don't understand why I'm having trouble with something that should be so straightforward.

I've been through the FAQs for MBSA and verified that I have the ports open but it still doesn't work. I'm convinced this is a firewall problem since it works when the firewall is down.

Any ideas?

--
Hari Sekhon
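
An added example, not part of either message above: a small Python parser for the firewall log Fabian suggests checking, which tallies what the firewall did with packets sent by the scanning workstation and lists any dropped destination ports outside the five named in the thread. The log excerpt, the IP addresses and the dropped port 1026 are constructed sample data; column order is read from the log's own #Fields header.

```python
from collections import Counter

# Ports the original poster reports as opened for the scan.
EXPECTED_PORTS = {135, 137, 138, 139, 445}

# Constructed sample in the firewall log's space-separated layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2007-01-16 10:02:11 OPEN-INBOUND TCP 192.0.2.10 192.0.2.50 3101 135 - - - - - - - -
2007-01-16 10:02:11 OPEN-INBOUND TCP 192.0.2.10 192.0.2.50 3102 445 - - - - - - - -
2007-01-16 10:02:12 DROP TCP 192.0.2.10 192.0.2.50 3103 1026 48 S 1884291071 0 65535 - - -
2007-01-16 10:02:15 DROP TCP 192.0.2.10 192.0.2.50 3103 1026 48 S 1884291071 0 65535 - - -
2007-01-16 10:02:20 DROP UDP 192.0.2.77 192.0.2.255 138 138 229 - - - - - - -
"""

def summarize(log_text, scanner_ip):
    """Count (action, protocol, dst-port) for packets sent by scanner_ip."""
    fields, seen = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue  # skip blanks, other header lines, rows before a header
        row = dict(zip(fields, line.split()))
        if row.get("src-ip") != scanner_ip or not row.get("dst-port", "").isdigit():
            continue  # other hosts, or entries without a port (e.g. ICMP)
        seen[(row["action"], row["protocol"], int(row["dst-port"]))] += 1
    return seen

def unexpected_drops(seen):
    """Dropped destination ports that are not in EXPECTED_PORTS."""
    return sorted({port for (action, _, port) in seen
                   if action == "DROP" and port not in EXPECTED_PORTS})

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, "192.0.2.10")
    for (action, proto, port), n in sorted(result.items()):
        print(f"{action:13} {proto} dst-port {port:<5} x{n}")
    print("dropped outside expected set:", unexpected_drops(result))
```

DROP lines only appear if logging of dropped packets is enabled in the firewall's logging settings on the client being scanned.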
