Host Alive Testing

Document created by Martin Walker (Employee) on Apr 24, 2018. Last modified by Robert Dell'Immagine on Apr 25, 2018.
Version 2

Introduction

This short article provides more detail about the Host-Alive Testing option in the scan option profile.

 

The Problem

Maps are fast, but they have a limitation: they do not scale across scanners and may block other scans and maps that are running. Other discovery options, such as Light Inventory or Asset Tagging scans, scale across scanners and also create/update assets and evaluate tags, but they perform discovery more slowly than maps. The goal of this option is to provide the ability to quickly determine a host's status (alive or dead), with the ability to scale across scanners, with as little time spent and as few side effects as possible. This type of scan is intended only for getting the count of live and dead hosts, and no additional information.

 

How it Works

When this option is selected we perform only the discovery portion of the scan, using the standard discovery modified as the user has selected in the Additional tab (i.e. ports, ICMP, packet options).

 

Whenever this option is selected, the user can only select Complete Vulnerability Detection in the option profile; however, only three QIDs are actually tested (only those QIDs which are found incidentally as part of the host-alive check performed by the scanner). In your Scan Results report you may see some Information Gathered QIDs reported for the target hosts found alive. However, users should not rely on the scanner returning any QIDs, regardless of the alive/not alive status of the asset.

 

QID 6 - DNS Host Name

QID 82056 - Host Name Not Available

QID 45038 - Host Scan Time

 

For hosts tracked by DNS or NetBIOS the usual rules regarding reporting apply. Hosts tracked that way, which are scanned using different information than the tracking token (i.e. by IP), can show up in the unresolved section if we were unable to determine the tracking token. In that case no assumption should be made about the dead vs. alive state of the host.

 

Hosts that are alive are listed under Successfully Scanned Hosts in the Appendix of the scan results. Hosts that are not found alive during the scan are listed under the Hosts Not Alive section.
