From the suggestions you've listed below, it seems to me that your advice is
on the right track.
Some data points that are important beyond what you've listed is:
* Identifying whether or not the targets being scanned are Windows XP Service
Pack 2 hosts. Testing has shown, that despite the firewall service being opened
up or shut down, authentication to these hosts can still be reduced due to the
way that service pack handles credentials passes from workgroup to domain or
domain to workgroup.
* Identifying whether the credentials provided in Known Accounts are trusted
across domains that the targets reside on.
* Determining if the credentials being passed through Internet Scanner via
Known Accounts are nested in groups outside of the built in administrators
group or if Active Directory is being utilized on the Windows network. Certain
configurations depending on how you have constructed your network can have an
effect on the scan accuracy if the appropriate account cannot be reached.
If you suspect that an XPU has changed performance then you really should set
up a quick test that consists of rolling off to the XPU that you feel is
performing properly and run a scan. Pull your scan log from that scan, then
roll back to the XPU you feel has caused a problem and re-run the very same
scan from the database and pull those logs from that scan. Send those logs into
Tech Support and they will differentiate those conditions and make engineering
aware of the problem and correct it if it is proven to be a defect. You're
also welcome to clear out your accounts and IPs and send log snippets to the
forum for comparison, but beware of the security concerns in doing so.
holger.reichert@holysword.de wrote:Dear all,
some of my contacts reported, that they are having trouble in scanning their
assets for vulnerabilities where admin priviledges are needed.
All my advices failed until now:
Be shure to start the remote registry service on the targets.
Be shure to have the right credentials in the known accounts editet.
Be shure that the server service is running on the target.
Be shure that IPC$ is reachable from remote with the above credentials.
Be shure that no personal firewall blocks the scan.
During a workshop I gave in Juli this year, everything was ok (XPU 7).
I think that in some XPU after this until now, something has changed, which I'm
not able to proof.
Have I forgotten some hints?
Is anybody else struggling with the same problem since Juli 2005.
Has anybody found a solution?
Thank you in advance.
H. Reichert
Owner Manager
Holysword GbR
Hamburg
Germany
www.holysword.de
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
---------------------------------
Yahoo! FareChase - Search multiple travel sites in one click.
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
