Versions Compared

Old Version 3

changes.mady.by.user Mark Unwin

Saved on

compared with

New Version 4

changes.mady.by.user Mark Unwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Networks respond differently depending on how they're configured. Some routers and/or firewalls can respond "on behalf" of IPs on the other side of their interfaces to the Open-AudIT Server. It is quite common to see Nmap report a probe for SNMP (UDP port 161) to respond as open|filtered for devices the do and do not exist. This has cause Open-AudIT users some confusion in the past. They know there is no device at that IP, yet they end up with a device entry in the database. 99.9% of the time, it is not Open-AudIT, nor even Nmap, but the network causing this issue. Now that we have the options to treat open|filtered ports as either open or closed, we can eliminate a lot of this confusion. Enterprise users even have the option to change this on a per discovery basis (more than just using the Medium (Classic) item, as above).

 

Sample Screenshot (Discovery Enterprise Options)

Click to enlarge.

Display Improvements

As well as the functional improvements to discovery, we have also revised the Discovery Details page. We have sections for  Summary, Details, Devices, Logs and IP Addresses. The Devices section, in particular, is now much more useful. We have added a new type of Unclassified to the list and we use this when we have more than jsut an IP and/or name for the device. For instance we may know it's IP, name and the fact that is has port 135 open. This at least is a good indication that the device is likely a Windows machine. So we know "something". More than just "there is something at this IP". That is now an Unclassified device. We still support Unknown devices as always - for those device we really know nothing about. An example of this screen is below. We also provide a quick link to creating credentials when a service (SSH, WMI, SNMP) has been identified, but we were not able to authenticate to it.

We think these display improvements will go a long way to assisting you to remove any Unknown or Unclassified devices that are on your network.

Click to enlarge.

 

This new functionality, I believe, makes Open-AudIT one of the easiest to use Nmap Frontends available while at the same time provides a great amount of flexibility for advanced users.

...