Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Recon server using NMAP
#1
Hello there,

I'd very much like to have the recon server using NMAP to both learn about new hosts and it's services as well as to keep an eye on services that shouldn't be running on hosts. The mapping between a network range and a network template just doesn't feel right.

The idea is to work the adding/removing of services automatically through discovery instead of manually adding all services to hosts on the pandora_console.

Are there any works in that direction ?
 Reply
#2
Mmm, I understand you want to add automatically services (Tcp ports) that are listening in target machines, right ?, even if this host is already monitored.

But what happen with non-responsible ports ?, we should "delete" it from the current monitorization?.

By the way, Pandora FMS 3.0 is using NMAP and Xprobe2 to detect new host and fingerprinting them, the old way to tcp scan hosts was used only in 1.x and 2.x, nmap is much much better :-)

(12-07-2009, 10:35 PM)pablort link Wrote: Hello there,

I'd very much like to have the recon server using NMAP to both learn about new hosts and it's services as well as to keep an eye on services that shouldn't be running on hosts. The mapping between a network range and a network template just doesn't feel right.

The idea is to work the adding/removing of services automatically through discovery instead of manually adding all services to hosts on the pandora_console.

Are there any works in that direction ?
 Reply
#3
my problem is Recon seems to add host multiple times

ie:

192.168.4.11 is the same as srs-rdp-srv which has a client running

is there a way to get recon to ignore or bypass units that have agents running
 Reply
#4
Recon try to match by current IP addresses, so if an agent who actually exists HAS an IP in the range being scanned by recon, it should not get added again, just be sure it has a correct IP address assigned.

This was a bug in 2.1 (to have duped agents detected) but 3.0 fix this problem.

(02-11-2010, 10:19 PM)randy_srs link Wrote: my problem is Recon seems to add host multiple times

ie:

192.168.4.11 is the same as srs-rdp-srv which has a client running

is there a way to get recon to ignore or bypass units that have agents running
 Reply


Users browsing this thread: 1 Guest(s)


(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org

Theme © MyBB Themes