Recon server using NMAP

  • Recon server using NMAP

    Posted by pablort on December 8, 2009 at 02:35

    Hello there,

    I’d very much like to have the recon server using NMAP to both learn about new hosts and it’s services as well as to keep an eye on services that shouldn’t be running on hosts. The mapping between a network range and a network template just doesn’t feel right.

    The idea is to work the adding/removing of services automatically through discovery instead of manually adding all services to hosts on the pandora_console.

    Are there any works in that direction ?

    Sancho replied 14 years, 8 months ago 3 Members · 3 Replies
  • 3 Replies
  • Sancho

    Organizer
    December 9, 2009 at 15:07
    2214 Karma points
    Community awards: bulb Bright ideas
    Community rank: tentacle_master_icon Tentacle Master
    Like it
    Up
    0
    Down
    Drop it
    ::

    Mmm, I understand you want to add automatically services (Tcp ports) that are listening in target machines, right ?, even if this host is already monitored.

    But what happen with non-responsible ports ?, we should “delete” it from the current monitorization?.

    By the way, Pandora FMS 3.0 is using NMAP and Xprobe2 to detect new host and fingerprinting them, the old way to tcp scan hosts was used only in 1.x and 2.x, nmap is much much better 🙂

    Hello there,

    I’d very much like to have the recon server using NMAP to both learn about new hosts and it’s services as well as to keep an eye on services that shouldn’t be running on hosts. The mapping between a network range and a network template just doesn’t feel right.

    The idea is to work the adding/removing of services automatically through discovery instead of manually adding all services to hosts on the pandora_console.

    Are there any works in that direction ?

  • randy_srs

    Member
    February 12, 2010 at 02:19
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    my problem is Recon seems to add host multiple times

    ie:

    192.168.4.11 is the same as srs-rdp-srv which has a client running

    is there a way to get recon to ignore or bypass units that have agents running

  • Sancho

    Organizer
    February 17, 2010 at 06:26
    2214 Karma points
    Community awards: bulb Bright ideas
    Community rank: tentacle_master_icon Tentacle Master
    Like it
    Up
    0
    Down
    Drop it
    ::

    Recon try to match by current IP addresses, so if an agent who actually exists HAS an IP in the range being scanned by recon, it should not get added again, just be sure it has a correct IP address assigned.

    This was a bug in 2.1 (to have duped agents detected) but 3.0 fix this problem.

    my problem is Recon seems to add host multiple times

    ie:

    192.168.4.11 is the same as srs-rdp-srv which has a client running

    is there a way to get recon to ignore or bypass units that have agents running