- [00:01:52]*atomicturtle1 (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) entered the channel
- [00:01:52]*atomicturtle (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) has quit (Read error: Connection reset by peer)
- [00:36:35]*klotfare (~chatzilla@217.24.250.130) entered the channel
- [00:36:40]klotfarehi there
- [00:36:49]klotfareim having probs connecting to the server
- [00:37:22]klotfareRemote host is not using the good version of the Nessus communication protocol (1.2) or is tcpwrapped
- [00:37:32]klotfareanyhelp ?
- [01:03:02]*klotfare (~chatzilla@217.24.250.130) has quit (Ping timeout: 480 seconds)
- [01:04:07]*atomicturtle1 (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) has left the channel ()
- [03:01:46]*atomicturtle (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) entered the channel
- [05:01:48]*atomicturtle (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) has left the channel ()
- [05:29:59]*chandra (~bchandra@122.166.98.27) entered the channel
- [06:01:00]*atomicturtle1 (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) entered the channel
- [06:10:08]*mindframe (~mindframe@2.203.232.72.static.reverse.ltdomains.com) has quit (Quit: There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence.)
- [06:39:16]*chandra (~bchandra@122.166.98.27) has quit (Ping timeout: 480 seconds)
- [07:26:23]*Chandan (~chandan@122.166.98.27) entered the channel
- [07:27:40]*chandra (~bchandra@122.166.98.27) entered the channel
- [08:07:22]*mwiegand (~michael@aktaia.intevation.org) entered the channel
- [08:07:33]mwiegandmorning
- [08:08:34]*trotter (~anonym@juliet.dnx.de) entered the channel
- [08:09:34]chandramorning
- [08:09:44]trottermorning
- [09:02:02]*atomicturtle (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) entered the channel
- [09:02:02]*atomicturtle1 (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) has quit (Read error: Connection reset by peer)
- [09:16:49]sid77morning all
- [09:16:54]mwiegandmorning sid77
- [09:18:57]*felix (~Felix@aktaia.intevation.org) entered the channel
- [09:19:01]felixmorning
- [09:20:27]*amrossi (~amrossi@host92-99-static.105-82-b.business.telecomitalia.it) entered the channel
- [10:26:55]*Schumie (~Steve@81-29-64-254.servers.dedipower.net) entered the channel
- [11:00:50]*wlet (~wlet@et-1-20.gw-nat.bs.ka.oneandone.net) entered the channel
- [11:01:14]wlethi
- [11:02:12]wletI've to scan a really large range of hosts (>20.000), and try to optimize scan performance
- [11:02:45]wlet1st of all I disabled all unneeded plugins
- [11:03:07]wletafter taht I stumbled upon the "Services" dialog
- [11:03:22]wletwith some Timeout setting
- [11:03:42]wletwhere I can find som documentation about these settings
- [11:03:58]wletthe compendium isn't helpful here
- [11:08:59]felixhi wlet
- [11:09:22]felixwlet: you have found the right place
- [11:09:38]felixand thanks for hinting at the incomplete timeout-doc in the compendium.
- [11:10:42]felixwlet: in principle you can 1) change the "global" timeout (servers openvasd.conf), or on a per-nvt base
- [11:11:35]felixwlet: btw, what "Services" dialog?
- [11:12:47]wletgo "Options" Tab, then "Prefs.", then "Services"
- [11:13:27]felixwlet: Ok, that NVT is a bit a special case.
- [11:14:20]felixwlet: as it implements the timeout itself. For _every_ plugin (== nvt) you can set a timeout in the dialog that appears after double-clicking on it (in the plugin-list)
- [11:15:49]wletbtw: "checks_read_timeout = 5" means 5 seconds?
- [11:16:58]felixwlet: Sorry, I dont know.
- [11:20:30]felixwlet: The downside with using timeouts is that they are not reported back (yet). That means the only possibility to find out if the timeout was hit is to look into the log files.
- [11:21:08]felixwlet: Btw, you can extend log-output by enabling some options in the openvasd.conf and configure with --enable-debug.
- [11:26:47]felixwlet: Looks to me to be seconds (checks_read_timeout).
- [11:27:59]wlethmm... is there a faq for scan performance tuning. I'm ok with less accurate results, but I don't want to scan 6 days ;)
- [11:30:25]felixwlet: sorry, no faqs. You seem to have a very interesting use case at hand.
- [11:46:06]mwiegandeveryone: I've just finished building Debian packages for all modules for both Lenny and Etch
- [11:46:18]mwiegandThey are available at apt.intevation.de
- [11:46:45]mwiegandAny feedback would be really appreciated.
- [11:49:10]chandramweigand, felix: Check "non_simult_ports" in server package, indicates the concurrency check problem.
- [11:49:43]mwiegandchandra: in the server prefs?
- [11:50:07]chandrayep!
- [11:50:18]chandrawlet: checks_read_timeout is in seconds
- [11:51:18]chandrawlet: for performance tuning, you could give plugins_timeout, "optimize_test" will ensure to run plugins only when dependencies are met
- [11:51:51]chandrawlet: disable thorough_tests
- [11:53:58]chandramwiegand, felix: concurrency problem, I added smb_login_or_reuse_connection() function to smb_nt.inc just to confirm my analysis. I could make it work with two plugins simaltaneously called.
- [11:54:39]chandrabut, applying this solution, to acquire and release sockets by each plugin is very very tedious process. we need to identify a different method
- [11:55:10]chandraif this "non_simult_ports" works, it is easy.
- [12:00:58]felixchandra: You mean when you add 22 to non_simult_ports? works for win or linux tests?
- [12:00:58]*atomicturtle (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) has quit (Read error: Connection reset by peer)
- [12:02:02]*atomicturtle (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) entered the channel
- [12:02:15]chandrafelix: linux is no problem, we have problem with windows scripts, we should add 139, 445 into the list
- [12:02:42]chandrabut, I think that parameter is no more working, we need to debug that
- [12:06:36]felixchandra: Do the repsective plugins flag the port as required? Or is it done via the smb- include?
- [12:08:06]*lmwangi (~lmwangi@41.206.44.34) entered the channel
- [12:11:17]felixhi lmwangi
- [12:15:30]lmwangihi felix
- [12:24:40]felixchandra: Because looking at the code, the concept seems to be surprisingly easy to grasp :). But I do not have the right test- setup here right now to dig into it (and other things to do). important places are in plugin_launch where one can has to do a define for some output regarding 'waiting because of simultanouse port requirements'
- [12:28:12]jan_oliverwlet: you numbers require fine tuning of the scan anyway. An iterative approach might be helpful. One of the questions to answer is wether it will be a single scan or whether it will be a permanent activity.
- [12:29:44]jan_oliverwlet: I suggest the iterarativ approach, at your option either in communication with the OpenVAS community or with professional support (http://www.openvas.org/professional-services.html)
- [12:32:28]wletjan_oliver: i think first of all I "dive deep" into OpenVAS and see the resluts
- [12:33:27]wlet;) If I stuck I'll take professional help
- [12:35:36]jan_oliverdive deep is good :-)
- [12:35:59]jan_oliverIf you find any unsatisfactory things, please inform us.
- [12:36:25]jan_oliverThe ssoner the better, the OpenVAS community tries its best to be very reactive.
- [12:37:43]wletWhat could be very helpful I think is a strict separation within the plugins
- [12:38:16]wletto select only plugins which operate only via WAN
- [12:38:30]wletplugins used within LAN
- [12:38:39]wletand local checks
- [12:39:03]wletIf I scan a server farm, I don't want to scan for firefox vulns
- [12:39:18]wletbut I have to disable it within several plugins
- [12:39:31]wlets/plugins/plugin sections/
- [12:40:00]wletIt's a bit boring to shuffle throuzh the whole list
- [12:40:15]Radiodoes anyone have a clue why i get a segfault on startup with the newest release, it says:
- [12:40:19]RadioLoading the plugins... 1020 (out of 10678)[30810]() gpgme_engine_check_version failed: GPGME/Invalid crypto engine
- [12:40:22]RadioSegmentation fault
- [12:40:49]felixwlet: And do not hesitate to send mails to the mailing-lists, as some active people live in different timezones and/or have different wake/work/sleep cycles and/or dislike irc.
- [12:41:02]felixRadio: which distro are you using?
- [12:41:09]wletokidoki ;)
- [12:41:21]Radiofelix: Suse linux enterprise 10
- [12:41:43]felixRadio: which gpgme version? (rpm -l ... I think)
- [12:41:59]Radioand 'gpgme-config --version' is 1.1.6
- [12:43:47]felixRadio: Could you try to upgrade to 1.1.8 and report if it solved the issue? The error seems familiiar to me (wasnt there something with backtrack?), but it should not segfault.
- [12:44:13]Radioyes, backtrack, i found this bugreport here, http://wald.intevation.org/tracker/?func=detail&atid=220&aid=825&group_id=29
- [12:45:17]jan_oliverwlet: there is not so much a problem with the local checks. If you don't provide credentials, they will not even be executed. Also some fingerprinting is used to lower the number of actually executed NVTs.
- [12:45:25]Radiowait a minute, i try gpgme1.1.8
- [12:45:42]mimeHi Radio ;-)
- [12:46:20]Radiohey mime
- [12:51:23]Radiofelix: ok, strange, gpgme1.1.8 works :)
- [12:52:41]felixfelix scratches his head
- [12:54:23]felixRadio: I would bet that similar to kosts experiment, it would work with a self-built 1.1.6.
- [12:58:47]Radioits reproducable with 1.1.6
- [12:59:06]Radioi tried with a gpgme 1.1.6 compiled by hand, http://rafb.net/p/1hhLHe72.html
- [13:01:23]felixRadio: Could you please appach that snippet to the bugreport with either a description what you just said or a link to the irc archive at the appropriate position? (At http://www.linux.hr/openvas/archive/ the times (left) are html anchors and thus linkable)
- [13:02:12]felixRadio: I do not have the time to pick up that issue now, but thanks for you efforts. Eventually we have to exclude that version. Interestingly it works with 1.1.8 and 1.1.2.
- [13:04:18]Radiofelix: no problem
- [13:16:02]felixRadio: Thanks.
- [13:54:28]*felix (~Felix@aktaia.intevation.org) has left the channel (Kopete 0.12.3 : http://kopete.kde.org)
- [14:13:39]*mattm (~mattm@i-83-67-18-230.freedom2surf.net) entered the channel
- [14:13:58]mwiegandFYI: I've just assigned the script ID block 102NNN to University of Zagreb
- [14:23:59]chandratested non_simult_ports behavior, it doesn't seem to work as expected, it doesn't put anything in wait.
- [14:29:07]*atomicturtle (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) has left the channel ()
- [14:29:53]*mattm (~mattm@i-83-67-18-230.freedom2surf.net) has quit (Ping timeout: 480 seconds)
- [14:33:32]mwiegandchandra, mime: could you suggest a family for Goran's script?
- [14:37:14]chandramweigand: replied to the mail just now.
- [14:37:55]mwiegandoh, just saw it ;)
- [14:56:14]*amrossi_ (~amrossi@host92-99-static.105-82-b.business.telecomitalia.it) entered the channel
- [14:56:32]*amrossi (~amrossi@host92-99-static.105-82-b.business.telecomitalia.it) has quit (Ping timeout: 480 seconds)
- [15:01:43]*atomicturtle1 (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) entered the channel
- [15:02:38]*atomicturtle1 (~sshinn@c-69-255-195-219.hsd1.va.comcast.net) has left the channel ()
- [15:22:02]*chandra (~bchandra@122.166.98.27) has quit (Ping timeout: 480 seconds)
- [16:01:59]*trotter (~anonym@juliet.dnx.de) has quit (Quit: Dana)
- [16:14:27]*mwiegand (~michael@aktaia.intevation.org) has quit (Quit: leaving)
- [16:21:29]*amrossi_ (~amrossi@host92-99-static.105-82-b.business.telecomitalia.it) has quit (Ping timeout: 480 seconds)
- [16:44:27]*wlet (~wlet@et-1-20.gw-nat.bs.ka.oneandone.net) has quit (Remote host closed the connection)
- [16:55:12]*atomicturtle (~sshinn@wsip-70-184-242-83.dc.dc.cox.net) entered the channel
- [16:58:52]*atomicturtle (~sshinn@wsip-70-184-242-83.dc.dc.cox.net) has left the channel ()
- [17:37:04]*Chandan (~chandan@122.166.98.27) has quit (Quit: Leaving)
- [19:25:56]*lmwangi (~lmwangi@41.206.44.34) has quit (Quit: fortune: On a normal ascii line, the only safe condition to detect is a 'BREAK')
Last 30 days: