Security Basics mailing list archives
Re : MBSA incomplete scans
From: abdelhakim aliane <hakim_al () yahoo fr>
Date: Wed, 17 Jan 2007 08:55:11 +0000 (GMT)
Hi, try to troubleshoote this issue by enabling XPSp2 Firewall logging on the issued machine, read the file C:\WINDOWS\pfirewall.log (with WordPad or Excel) and filter it on IP address machine source and destination to see the guilty ports blocking the scans. I often use this firewall to troubleshoot many network applications to know what ports have I to open. Sample : 2007-01-09 14:18:50 OPEN TCP 10.12.30.62 172.16.130.6 3139 445 Match file headers fields to each number here to read the port destination. Another Solution: Apply a GPO on your domain to permit file and printer sharing on all machines, it works fine. It's the simplest way to do things regardless of opening this or that port destination. Cordially, H Aliane. IT Sec. OTA Algiers. Algeria. ----- Message d'origine ---- De : Hari Sekhon <hpsekhon () googlemail com> À : security-basics () securityfocus com Envoyé le : Mardi, 16 Janvier 2007, 12h19mn 36s Objet : MBSA incomplete scans I'm using MBSA which I have used for quite a long time previously. I'm however having a spot of trouble in my latest network audit with it. I'm using the latest version against XP Sp2 clients with firewalls enabled. I get: "Incomplete Scan (Could not complete one or more requested checks)" I know this is because MBSA cannot contact the agent on the target machines and this is because of the firewalls, but I have defined port exceptions at the domain level via group policy for file and printer sharing which opens up udp ports 137,138 and tcp 139 and 445. I have also made an explicit rule to open up tcp port 135 for my workstation, as well as defining to allow a remote administration exception in the firewall for my workstation. This should be all 5 ports needed to get the scan done properly but it is not working. I can see the exceptions in the client's firewall and I can scan the client using a portscanner and verify that all 5 ports are open. If I take the firewall down completely then it works, but I can't really leave all the machines like this or do this every time I want to do another scan. I don't understand why I'm having trouble with something that should be so straight forward. I've been through the faqs for MBSA and verified that I have the ports open but it still doesn't work. I'm convinced this is a firewall problem since it works when the firewall is down. Any ideas? -- Hari Sekhon ___________________________________________________________________________ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com
Current thread:
- Re : MBSA incomplete scans abdelhakim aliane (Jan 17)