Re : MBSA incomplete scans

[abdelhakim aliane <hakim_al () yahoo fr>]

Hi, try to troubleshoote this issue by enabling XPSp2 Firewall logging on the issued machine, read the file 
C:\WINDOWS\pfirewall.log (with WordPad or Excel) and filter it on IP address machine source and destination to see the 
guilty ports blocking the scans.
I often use this firewall to troubleshoot many network applications to know what ports have I to open.
Sample : 2007-01-09 14:18:50 OPEN TCP 10.12.30.62 172.16.130.6 3139 445
Match file headers fields to each number here to read the port destination.

Another Solution: Apply a GPO on your domain to permit file and printer 
sharing on all machines, it works fine. It's the simplest way to do things regardless of opening this or that port 
destination.

Cordially,
H Aliane.
IT Sec.
OTA Algiers.
Algeria. 

----- Message d'origine ----
De : Hari Sekhon <hpsekhon () googlemail com>
À : security-basics () securityfocus com
Envoyé le : Mardi, 16 Janvier 2007, 12h19mn 36s
Objet : MBSA incomplete scans


I'm using MBSA which I have used for quite a long time previously. I'm 
however having a spot of trouble in my latest network audit with it. I'm 
using the latest version against XP Sp2 clients with firewalls enabled. 
I get:

"Incomplete Scan (Could not complete one or more requested checks)"

I know this is because MBSA cannot contact the agent on the target 
machines and this is because of the firewalls, but I have defined port 
exceptions at the domain level via group policy for file and printer 
sharing which opens up udp ports 137,138 and tcp 139 and 445. I have 
also made an explicit rule to open up tcp port 135 for my workstation, 
as well as defining to allow a remote administration exception in the 
firewall for my workstation. This should be all 5 ports needed to get 
the scan done properly but it is not working.

I can see the exceptions in the client's firewall and I can scan the 
client using a portscanner and verify that all 5 ports are open. If I 
take the firewall down completely then it works, but I can't really 
leave all the machines like this or do this every time I want to do 
another scan. I don't understand why I'm having trouble with something 
that should be so straight forward.

I've been through the faqs for MBSA and verified that I have the ports 
open but it still doesn't work. I'm convinced this is a firewall problem 
since it works when the firewall is down.

Any ideas?

-- 
Hari Sekhon


        

        
                
___________________________________________________________________________ 
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! 
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses 
http://fr.answers.yahoo.com