Community pioneers
Public Group
Public Group
Active 5 weeks ago
Wanted to contribute with ideas?, want to expand the use of pandora or to help us improving it?. This... View more
Public Group
Group Description
Wanted to contribute with ideas?, want to expand the use of pandora or to help us improving it?. This is your group, it’s opened to anybody who wants a better IT world. ¿Quieres contribuir con ideas?, ¿quieres mejorarlo? Este es tu grupo, abierto a cualquiera que quiera un mundo TI mejor.
Recon server using NMAP
-
Recon server using NMAP
Posted by pablort on December 8, 2009 at 02:35Hello there,
I’d very much like to have the recon server using NMAP to both learn about new hosts and it’s services as well as to keep an eye on services that shouldn’t be running on hosts. The mapping between a network range and a network template just doesn’t feel right.
The idea is to work the adding/removing of services automatically through discovery instead of manually adding all services to hosts on the pandora_console.
Are there any works in that direction ?
Sancho replied 14 years, 8 months ago 3 Members · 3 Replies -
3 Replies
-
::
Mmm, I understand you want to add automatically services (Tcp ports) that are listening in target machines, right ?, even if this host is already monitored.
But what happen with non-responsible ports ?, we should “delete” it from the current monitorization?.
By the way, Pandora FMS 3.0 is using NMAP and Xprobe2 to detect new host and fingerprinting them, the old way to tcp scan hosts was used only in 1.x and 2.x, nmap is much much better 🙂
Hello there,
I’d very much like to have the recon server using NMAP to both learn about new hosts and it’s services as well as to keep an eye on services that shouldn’t be running on hosts. The mapping between a network range and a network template just doesn’t feel right.
The idea is to work the adding/removing of services automatically through discovery instead of manually adding all services to hosts on the pandora_console.
Are there any works in that direction ?
-
-
::
Recon try to match by current IP addresses, so if an agent who actually exists HAS an IP in the range being scanned by recon, it should not get added again, just be sure it has a correct IP address assigned.
This was a bug in 2.1 (to have duped agents detected) but 3.0 fix this problem.
my problem is Recon seems to add host multiple times
ie:
192.168.4.11 is the same as srs-rdp-srv which has a client running
is there a way to get recon to ignore or bypass units that have agents running