Hey all -
Need some suggestions. I have an internal scanner appliance scanning an internal host. They are both on the same subnet with no firewall/IPS in between them. I can ping the host by IP, but when I scan it by IP I get no host alive. I'm running a FULL scan with all the defaults. I've tried variations and still keep getting no live hosts. Any suggestions?
Thanks.
Hello, Jessica-
When a scan is run, the first portion of the scan is Host Discovery. During this portion of the scan, we are attempting to determine what hosts are live (as the name suggests). The host discovery options (located in the 'additional' section when viewing or editing an Option Profile within the QualysGuard UI) are what the scanner will do during host discovery. By default this will be 13 TCP queries and an ICMP Echo Request (ping).
Based on what (if any) responses we get to these queries we determine if anything is live and if we should proceed with scanning.
I would suggest, as a next step, that you launch a scan against a single host and include the 'scan dead hosts' option - this will launch the vulnerability scan against your target even if it doesn't return a 'live' response to the Host Discovery.
If you get data back with 'scan dead hosts' enabled, then you know that something is preventing the target from responding to our queries during Host Discovery - and if you still get a 'No Host Alive' result, then you know something is preventing ALL traffic from getting to the target (or back from it to the scanner).
In either case, you might want to contact Support directly so we can work with you on this.
-Caleb
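An added example, not part of the original thread and not Qualys code: a small check to run from another machine on the same subnet to see whether the target answers TCP probes at all. For discovery purposes a refused connection (RST) proves the host is live just as an accepted one does. The port list is an assumed sample, not the scanner's actual 13 discovery ports.

```python
import errno
import socket
import sys

# Assumed sample ports for illustration only; NOT the scanner's real discovery list.
SAMPLE_PORTS = [22, 80, 135, 139, 443, 445, 3389]


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP connect attempt.

    'open'        -> handshake completed (SYN-ACK received)
    'closed'      -> connection refused (RST received, so the host is still live)
    'no-response' -> timeout or unreachable; the probe or its reply was dropped
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))
    except OSError:  # includes socket.timeout and name-resolution failures
        return "no-response"
    finally:
        sock.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "no-response"


def discover(host, ports=SAMPLE_PORTS, timeout=2.0):
    """Probe each port; the host counts as alive if ANY probe drew a reply."""
    results = {port: probe_tcp(host, port, timeout) for port in ports}
    replied = [port for port, state in results.items() if state != "no-response"]
    return {"alive": bool(replied), "replied_ports": replied, "results": results}


if __name__ == "__main__":
    # Usage: python discover_check.py <target-ip>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = discover(target)
    for port, state in sorted(report["results"].items()):
        print(f"{target}:{port:<5} {state}")
    print("host alive" if report["alive"] else "no reply to any TCP probe")
```

If every port comes back `no-response` while ping still works, a host-based firewall on the target that drops TCP silently is a likely cause.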