Re : MBSA incomplete scans
- From: abdelhakim aliane <hakim_al@xxxxxxxx>
- Date: Wed, 17 Jan 2007 08:55:11 +0000 (GMT)
Hi, try to troubleshoote this issue by enabling XPSp2 Firewall logging on the issued machine, read the file C:\WINDOWS\pfirewall.log (with WordPad or Excel) and filter it on IP address machine source and destination to see the guilty ports blocking the scans.
I often use this firewall to troubleshoot many network applications to know what ports have I to open.
Sample : 2007-01-09 14:18:50 OPEN TCP 10.12.30.62 172.16.130.6 3139 445
Match file headers fields to each number here to read the port destination.
Another Solution: Apply a GPO on your domain to permit file and printer
sharing on all machines, it works fine. It's the simplest way to do things regardless of opening this or that port destination.
Cordially,
H Aliane.
IT Sec.
OTA Algiers.
Algeria.
----- Message d'origine ----
De : Hari Sekhon <hpsekhon@xxxxxxxxxxxxxx>
À : security-basics@xxxxxxxxxxxxxxxxx
Envoyé le : Mardi, 16 Janvier 2007, 12h19mn 36s
Objet : MBSA incomplete scans
I'm using MBSA which I have used for quite a long time previously. I'm
however having a spot of trouble in my latest network audit with it. I'm
using the latest version against XP Sp2 clients with firewalls enabled.
I get:
"Incomplete Scan (Could not complete one or more requested checks)"
I know this is because MBSA cannot contact the agent on the target
machines and this is because of the firewalls, but I have defined port
exceptions at the domain level via group policy for file and printer
sharing which opens up udp ports 137,138 and tcp 139 and 445. I have
also made an explicit rule to open up tcp port 135 for my workstation,
as well as defining to allow a remote administration exception in the
firewall for my workstation. This should be all 5 ports needed to get
the scan done properly but it is not working.
I can see the exceptions in the client's firewall and I can scan the
client using a portscanner and verify that all 5 ports are open. If I
take the firewall down completely then it works, but I can't really
leave all the machines like this or do this every time I want to do
another scan. I don't understand why I'm having trouble with something
that should be so straight forward.
I've been through the faqs for MBSA and verified that I have the ports
open but it still doesn't work. I'm convinced this is a firewall problem
since it works when the firewall is down.
Any ideas?
--
Hari Sekhon
___________________________________________________________________________
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses
http://fr.answers.yahoo.com
- Prev by Date: Re: MBSA incomplete scans
- Next by Date: Account lockout - analysis help
- Previous by thread: F5 and Load Balancing
- Next by thread: Account lockout - analysis help
- Index(es):
Relevant Pages
|
