Hi, On 10.04.2018 17:46, Andrew Robinson wrote: > Yes, _I_ appreciate the humor and irony. But the client didn’t find it even > slightly humorous, particularly when the nurses in the hospital almost > triggered the lockdown protocol because they thought they were under an > active threat. An over-reaction for sure, but as I try to advance OpenVAS as > a professional tool on par with it’s commercial sibling, Nessus, this doesn’t > make my job any easier.
independently from the sent string by this host alive probe you really shouldn't used a scan config with disabled safe checks for unknown and productive environments where you don't know how they behave / react on such scans. See also my previous mail about this. If using such a config is preferred i would at least make all staff aware of the side-effects which could be caused by such scans to avoid situations like this. Besides that and as long as you havn't set the "Exclude printers from scan" option to "no" in the "Global variable settings" of the scan config a printer shouldn't be touched at all during a scan by default. But this heavily depends if it was possible to detect the printer from exposed banners (e.g. via HTTP, FTP, SNMP, Telnet etc.). Reports containing such information, name of the printer or similar are very welcome at the following mailing list: http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins > I manually patched libopenvas_nasl.so.9.0.1 to change the string from “are > you dead ?” to “function check” > > Something like this should be done in the OpenVAS source. Or at least make it > a string that can be set, and NOT default to “are you dead ?” no matter how > ironic or humorous that default might be. If you think this string should be changed it probably would be the best to open a pull request with your changes and a rationale to the github repository at: https://github.com/greenbone/gvm-libs/ Regards, >> On Apr 10, 2018, at 11:14, Alex Smirnoff <a...@eltex.net> wrote: >> >> If it asks "Are you alive? Prove it!" then it might be more scary. Even >> if it is a printer, not a toaster ;-) >> >> On Mon, Apr 09, 2018 at 07:05:46PM +0000, Stewart Joseph wrote: >>> You must admit, there is more than a touch of ironic humor there. I ran a >>> scan of a Deli's network and when it hit their receipt printer it printed >>> out about 3 feet with the word "Hello" in it. I wasn't there when it hit. >>> They thought the printer had become self-aware. >>> >>> Stewart Joseph, CTO >>> LEK Technology Consultants >>> 407-877-6505 x1103 >>> www.lekcomp.com >>> >>> -----Original Message----- >>> From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On >>> Behalf Of Andrew Robinson >>> Sent: Thursday, March 29, 2018 1:48 PM >>> To: openvas-discuss@wald.intevation.org >>> Subject: [Openvas-discuss] "Are you dead?" Really? >>> >>> Running an openvas scan with printer scanning enabled CAN result in several >>> pages containing the string “are you dead?” being printed. In this case, in >>> a hospital, in the ob/gyn suite. >>> >>> Not good. >>> >>> I’ve searched through the NVTs and can’t find where this string is sourced. >>> Does anyone know? >>> _______________________________________________ >>> Openvas-discuss mailing list >>> Openvas-discuss@wald.intevation.org >>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>> _______________________________________________ >>> Openvas-discuss mailing list >>> Openvas-discuss@wald.intevation.org >>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
