
Hi, 

I have several discoveries running. During one of which I get this message



When running a scan against that host, port 161/snmp is open



SNMP v3 is up and running on that device. Credentials are created in OpenAudit.

Any idea why the message appears in OpenAudit?



    1 answer


      If your manual Nmap scan is from the same server that Open-AudIT is running on - then that's odd.

      Although the IP addresses are different (172.17.20.254 in Open-AudIT and 172.17.20.1 in the manual scan).

      What happens if you run (on the Open-AudIT server):

      nmap -n -T4 -sU -p 161 172.17.20.254

      That is what the default discovery is configured to run. You can see it in the discovery log.

      1. ToddeHB
        root@xxx-Open-AudIT ~ > nmap -n -T4 -sU -p 161 172.17.20.254
        Starting Nmap 7.93 ( https://nmap.org ) at 2024-03-06 14:59 CET
        Nmap scan report for 172.17.20.254
        Host is up (0.00028s latency).
        
        PORT    STATE         SERVICE
        161/udp open|filtered snmp
        MAC Address: 00:1A:8C:F0:4A:08 (xxxx)
        
        Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
      2. Mark Unwin

        The issue is because the port is open|filtered and the default scan options are set to ignore this. This is viewable in the discovery, on the Scan Options tab.


        If you don't have a license, this cannot be changed, except by changing the default scan options for all discoveries in the configuration.


        If you have a Professional license, you can change the scan options by viewing the discovery and going to the Scan Options tab.

        Professional customers can view the available discovery scan options (but not edit or create new sets) by going to menu → Discover → Discoveries → Discovery Scan options.


        If you have an Enterprise license (even a free license) you can change this by viewing the discovery and going to the Scan Options tab. You can also change individual options, within the scan options set.

        Enterprise customers can also build new discovery scan options sets by going to menu → Discover → Discoveries → Discovery Scan options.

      3. ToddeHB

        So what do you propose to change regarding the scan option? I am using the free Enterprise license for testing purposes. I definitely know that the device has SNMP v3 up and running, because our monitoring solution is able to query it.

      4. Mark Unwin

        View the discovery, go to Scan Options, change the value for 'Consider Open|Filtered Ports Open' to 'y'.

      5. ToddeHB

        Unfortunately this did not change anything


      6. Mark Unwin

        No valid credentials is not the same as no open ports.

        Obviously your SNMP credentials are not working on that device. The reason may be one of many. It may be that the credentials are incorrect, there may be access restrictions on IPs that can connect, or something else. If you are using SNMPv2 credentials, you could try the below on the command line of the Open-AudIT server.

        snmpget -v2c -On -c PUBLIC IP 1.3.6.1.2.1.1.2.0

        Obviously replace PUBLIC and IP with your own.

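The two separate checks from this thread (is `open|filtered` counted as open, and do the SNMP credentials work) as an added example that is not part of the original thread and not Open-AudIT's own code. The function names are hypothetical, the option handling is modelled on the description in the comments, and the sample is the nmap output posted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Open-AudIT code.

# Nmap output as posted in the thread (MAC address line omitted).
SAMPLE_NMAP='Nmap scan report for 172.17.20.254
Host is up (0.00028s latency).

PORT    STATE         SERVICE
161/udp open|filtered snmp'

# Print the state nmap reported for a port, e.g. "open|filtered".
# For UDP, nmap reports open|filtered when the probe got no reply at all.
# $1 = nmap normal output, $2 = port/proto such as 161/udp
port_state() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { print $2; exit }'
}

# Would a discovery treat this port as open?
# $1 = state, $2 = y|n for "Consider Open|Filtered Ports Open"
# (assumed behaviour, based on the thread's description).
treated_as_open() {
    case "$1" in
        open) return 0 ;;
        'open|filtered') [ "$2" = "y" ] ;;
        *) return 1 ;;
    esac
}

# Map both checks onto the next thing to look at.
# $3 = exit status of an snmpget run from the Open-AudIT server
#      (non-zero means the query failed).
triage() {
    if ! treated_as_open "$1" "$2"; then
        echo "port-ignored"          # change the scan option to y
    elif [ "$3" -ne 0 ]; then
        echo "credentials-failing"   # wrong credentials or source-IP restrictions
    else
        echo "snmp-ok"
    fi
}

state=$(port_state "$SAMPLE_NMAP" 161/udp)
triage "$state" n 1   # default scan options: the port is ignored
triage "$state" y 1   # option set to y, snmpget still failing
```

The second call matches the situation after the option was changed: the port is now accepted, so the remaining failure points at credentials or access restrictions.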