F-Secure Radar Discovery Scan ping detection fails due to switch redirection.

This discussion has a more recent version.

Issue:

Ping detection fails due to switch redirection using RADAR Discovery Scan.

Resolution:

We have added a new feature In F-Secure Radar that helps to resolve this issue. You need to modify your discovering scan template to use it. Follow the steps below to configure the top 100 port scan template without scanning or pinging port 80:

  1. Create a new discovery scan template:
  • Name the template (eg. "Port Scan (no 80 ping)")
  • For scan mode select Custom port scan
  • TCP range: 7,9,13,21-23,25-26,37,53,79,81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157
  • UDP range: 7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024 
  • Click Save
  1. Download the new template:
  • Select it on the templates list (click the checkbox)
  • Click Download scan settings
  • Edit downloaded file by adding '-PE -PP -PS443' node within '' (see Top 100 no 80 ping.xml)
  1. Upload modified template:
  • Click Upload scan settings on Radar templates list
  • Browse for your edited file and click "Upload"
  1. Use your newly created template in Discovery Scans.
Note: If you want to skip port 80 pings on other types of scans, the procedure is similar (add correct <AdditionalNmapOptions> in the config).

Article no: 000012266

Sign In or Register to comment.