>From the suggestions you've listed below, it seems to me that your advice is >on the right track.
Some data points that are important beyond what you've listed is: * Identifying whether or not the targets being scanned are Windows XP Service Pack 2 hosts. Testing has shown, that despite the firewall service being opened up or shut down, authentication to these hosts can still be reduced due to the way that service pack handles credentials passes from workgroup to domain or domain to workgroup. * Identifying whether the credentials provided in Known Accounts are trusted across domains that the targets reside on. * Determining if the credentials being passed through Internet Scanner via Known Accounts are nested in groups outside of the built in administrators group or if Active Directory is being utilized on the Windows network. Certain configurations depending on how you have constructed your network can have an effect on the scan accuracy if the appropriate account cannot be reached. If you suspect that an XPU has changed performance then you really should set up a quick test that consists of rolling off to the XPU that you feel is performing properly and run a scan. Pull your scan log from that scan, then roll back to the XPU you feel has caused a problem and re-run the very same scan from the database and pull those logs from that scan. Send those logs into Tech Support and they will differentiate those conditions and make engineering aware of the problem and correct it if it is proven to be a defect. You're also welcome to clear out your accounts and IPs and send log snippets to the forum for comparison, but beware of the security concerns in doing so. [EMAIL PROTECTED] wrote:Dear all, some of my contacts reported, that they are having trouble in scanning their assets for vulnerabilities where admin priviledges are needed. All my advices failed until now: Be shure to start the remote registry service on the targets. Be shure to have the right credentials in the known accounts editet. Be shure that the server service is running on the target. Be shure that IPC$ is reachable from remote with the above credentials. Be shure that no personal firewall blocks the scan. During a workshop I gave in Juli this year, everything was ok (XPU 7). I think that in some XPU after this until now, something has changed, which I'm not able to proof. Have I forgotten some hints? Is anybody else struggling with the same problem since Juli 2005. Has anybody found a solution? Thank you in advance. H. Reichert Owner Manager Holysword GbR Hamburg Germany www.holysword.de _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. --------------------------------- Yahoo! FareChase - Search multiple travel sites in one click. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
