Samba service identification keeping CPU and Net workload at minimum

Question asked by jcmendd6e1e870 on May 3, 2012

Dear Qualys community,

I'd like to run a scan to identify Samba servers on one of our networks, but avoiding any possible interference with the running servers. In this case it is paramount to keep any CPU and NET workload caused by the scan as low as possible (i.e. a low-profile scan). Microsoft SMB servers must be excluded from the results, as we are looking specifically into Samba servers.

For that, I intend to create a new Option Profile with the following configuration:

- Overall Performance: Low

- TCP/UDP Ports

UDP/137    - used by nmbd
UDP/138    - used by nmbd
TCP/139    - used by smbd
TCP/445    - used by smbd

- Vulnerability Detection: when configuring "Vulnerability Detection" it comes to the point in which we are not sure which QIDs should be chosen.

Could anyone recommend which QIDs should be assigned to this scan profile, keeping in mind that the most important goal here is to keep CPU and Net workload as low as possible?

Do you think that including the QID 70064 (Samba Remote Code Execution Vulnerability) would be enough to identify my Samba servers?

Thanks in advance for any insights into this issue.

Regards

Joao

Edited to add reference:

http://www.samba.org/samba/docs/server_security.html

 

Message was edited by: Joao Mendonca