Troubleshooting on NVS
In this guide, we show you how to debug and resolve certain issues that may arise in the NVS module and the scans it manages.
Troubleshooting “Hosts Not Alive”
Problem
During the host discovery phase, the service checks if the host to be scanned is up and running in order to avoid wasting time on scanning a dead or unreachable host. The “No Host Alive” message displayed on the screen means the scanner did not find the target to be alive during the Discovery phase of the scan. If the host is not “alive” then the scan will not proceed beyond this point and no assessment will be performed.
Error
Hosts are shown under the “Hosts Not Alive” section of scan results
Cause
To determine if the host is “alive”, the service pings each target host using ICMP, TCP, and UDP probes. The TCP and UDP probes are sent to default ports for common services on each host, such as DNS, TELNET, SMTP, HTTP and SNMP. If none of these probes triggers a response from the host, the host is considered not alive.
The types of probes sent and the list of ports scanned during host discovery are configurable in the option profile (see Host Discovery on the Additional tab in the profile).
Ports used for host discovery:
- TCP SYN packets are sent to these well-known TCP ports: 21, 22, 23, 25, 53, 80, 88, 110, 111, 135, 139, 443, 445.
- TCP ACK packet with a source port of 80 and a destination port of 2869
- TCP ACK packet with a source port of 25 and a destination port of 12531
- TCP SYN-ACK packet with a source port of 80 and a destination port of 41641
- UDP packets are sent to the following well-known UDP ports: 53, 111, 135, 137, 161, 500
- ICMP ‘Echo Request’ packets
Solution
- Ensure that the Qualys scanner is able to reach the concerned target on the required ports.
- For external scans, go to Help > About to see the IP addresses of the external scanners to allow.
- Users can run the following command on the endpoint during the scan to determine what ports are open on the host at that time: netstat -anp
- Enable ICMP to the system; this will allow the system to be discovered as alive.
- If there are any other ports open on the target, other than those mentioned above, you may add these ports in TCP Ports/UDP ports in the Additional tab of the Option Profile.
- You can choose to scan “dead” hosts through your scan options in the option profile (see Scan Dead Hosts on the Scan tab in the option profile), but this may increase scan time and is not suggested for Class C or larger networks.
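To act on the netstat step above, the listening sockets on the endpoint can be compared against the discovery port list. The script below is an added example, not part of the original guide or the product; it assumes the Linux netstat column layout, and the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Port lists are copied from "Ports used for host discovery".
DISC_TCP="21 22 23 25 53 80 88 110 111 135 139 443 445"
DISC_UDP="53 111 135 137 161 500"

# Constructed sample of Linux `netstat -an` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::8443                 :::*                    LISTEN
udp        0      0 0.0.0.0:161             0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
EOF
}

# Reads netstat -an / -anp output on stdin and prints one line per listener
# that a remote scanner could reach: "<proto> <port> probed|not-probed".
# "probed" = port is in the default discovery list; "not-probed" = candidate
# to add under TCP Ports/UDP ports in the option profile.
# A listener only shows the service is bound; a firewall between scanner and
# host can still drop the probe.
classify_listeners() {
    LC_ALL=C awk -v tl="$DISC_TCP" -v ul="$DISC_UDP" '
    BEGIN {
        n = split(tl, a, " "); for (i = 1; i <= n; i++) T[a[i]] = 1
        n = split(ul, a, " "); for (i = 1; i <= n; i++) U[a[i]] = 1
    }
    $1 ~ /^(tcp|udp)/ {
        proto = substr($1, 1, 3)                 # fold tcp6/udp6 into tcp/udp
        if ($5 !~ /:\*$/) next                   # skip connected sockets
        if (proto == "tcp" && $6 != "LISTEN") next
        port = $4; sub(/.*:/, "", port)          # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)
        if (host ~ /^127\./ || host == "::1") next   # loopback-only listener
        key = proto " " port
        if (seen[key]++) next                    # same port on v4 and v6
        hit = (proto == "tcp") ? (port in T) : (port in U)
        print proto, port, (hit ? "probed" : "not-probed")
    }' | LC_ALL=C sort -k1,1 -k2,2n
}

sample_netstat | classify_listeners
```

On a real endpoint, pipe the live output instead: netstat -an | classify_listeners. If nothing is marked "probed" and ICMP is blocked, the host has no default discovery port to answer on.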