Hi,

On 16.07.2018 11:26, Berkcan GEYİKCİ wrote:
> Hello sir
>
> I am using OpenVAS 9 in my Ubuntu virtual machine for educational purposes.
>
> When I scan my other virtual machines with given (username+password)
> credentials of my local machines and try to listen to ssh logs,
>
> I realize that OpenVAS is trying to connect from ssh with different
> credentials (not my credential) and in the terminal it looks like this:
>
>
> -Failed password for invalid user netscreen from 192.168.45.1
>
> -Failed password for invalid user super from 192.168.45.1 port 12269 ssh2
>
> -Received disconnected from 192.168.45.1 port 12269:11: Bye Bye
>
> -Failed password for invalid user chip from 192.168.45.1 port 12274 ssh2
>
> -Received disconnected from 192.168.45.1 port 12274:11: Bye Bye
>
> -Failed password for root from 192.168.45.1 port 12271 ssh2
>
> -Received disconnected from 192.168.45.1 port 12271:11: Bye Bye
>
> -İnvalid User admin from 192.168.45.1
>
> -Input_userauth_request: invalid user admin
>
> ...............
>
>
> and a bunch of stuff like that
>
> Why does OpenVAS do that?

Because OpenVAS is a vulnerability scanner and default/standard accounts
are vulnerabilities which need to be tested as well.

> Even when I disable brute_force_attack and default_accounts from scan
> config it still tries to brute force my ssh.

Those are two new scan configuration settings which are not yet used by
all related NVTs so this is expected.

> How can I prevent this?

You can clone the "full and fast" scan configuration and exclude the
"Default Accounts" family. This should disable most of the related NVTs
doing such brute force or default account checks.

> Thanks....

Regards,

--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
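
The sshd entries quoted in the thread can be grouped by source address to confirm that the failed logins all come from the scanner host and to list which account names its default-account checks tried. This is an added example, not part of the original thread: the log lines are constructed in the quoted format, and the function names and the min_users threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the sshd lines quoted in the thread.
SAMPLE_LOG = """\
Jul 16 11:20:01 target sshd[2101]: Failed password for invalid user netscreen from 192.168.45.1 port 12268 ssh2
Jul 16 11:20:02 target sshd[2102]: Failed password for invalid user super from 192.168.45.1 port 12269 ssh2
Jul 16 11:20:02 target sshd[2102]: Received disconnect from 192.168.45.1 port 12269:11: Bye Bye
Jul 16 11:20:03 target sshd[2103]: Failed password for invalid user chip from 192.168.45.1 port 12274 ssh2
Jul 16 11:20:03 target sshd[2104]: Failed password for root from 192.168.45.1 port 12271 ssh2
Jul 16 11:20:04 target sshd[2105]: Invalid user admin from 192.168.45.1
Jul 16 11:25:40 target sshd[2140]: Failed password for alice from 192.168.45.20 port 50122 ssh2
Jul 16 11:25:49 target sshd[2140]: Accepted password for alice from 192.168.45.20 port 50122 ssh2
"""

# "Failed password for [invalid user] NAME from IP" and "Invalid user NAME from IP"
FAILED = re.compile(r"Failed password for (?P<inv>invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
INVALID = re.compile(r"Invalid user (?P<user>\S+) from (?P<ip>\S+)")

def summarize(log_text):
    """Return {source_ip: {"users": set, "invalid": set, "failures": int}}."""
    stats = defaultdict(lambda: {"users": set(), "invalid": set(), "failures": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m["ip"]]
            entry["failures"] += 1
            entry["users"].add(m["user"])
            if m["inv"]:  # account name does not exist on the target
                entry["invalid"].add(m["user"])
            continue
        m = INVALID.search(line)
        if m:
            entry = stats[m["ip"]]
            entry["users"].add(m["user"])
            entry["invalid"].add(m["user"])
    return dict(stats)

def account_sweeps(stats, min_users=3):
    """Sources that tried many distinct account names (threshold is an assumption)."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in account_sweeps(result):
        print(ip, result[ip]["failures"], sorted(result[ip]["users"]))
```

A single source cycling through many account names that do not exist on the target is what the scanner's default-account checks look like in the log; an ordinary user mistyping a password shows one name and one source.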