Hey all -
need some suggestions. I have an internal scanner appliance scanning an internal host. They are both on the same subnet with no firewall/ips in between them. I can ping the host by IP but when I scan it by IP I get no host alive. I'm running a FULL scan with all the defaults. I'm tried variations and still keep get no live hosts. Any suggestions?
thanks.
Hey Caleb,
I know this is the old thread but I have the same issue , I tried with opening ICMP echo request but still showing host not alive in PCI scan report. My question is only ICMP echo request is enough or need to open any other ICMP types from below snap?
Yes but I would like to tell you this is the external PCI scan and we don't have any ACL's placed. I allowed ICMP echo request in AWS security group.
I am running scan against the same machine which has 3 interfaces ( 4 public IP's) and two of them are accept the connection port 443 and scan is succeeded against those interface IP's.
If I read your reply correctly, you are performing an external scan on an AWS instance, is that correct? If yes, have you submitted a request for permission to scan externally to AWS?
You will need to secure prior approval from AWS (by filling in AWS Vulnerability Testing Request) if you are planning to use Qualys external scanners for scanning AWS instances. You can refer to AWS Acceptable Use Guidance For Scanning for more details on AWS approval.
Penetration Testing - Amazon Web Services (AWS) Don't let the page title throw you off. The information on this page refers to any scanning of external (perimeter) assets hosted at AWS, not just penetration testing.
Hey Thank you for this update, but if that is the case I am running PCI scan on 7 perimeter IP's and result report giving 4 hosts are alive and 3 host's not alive. I wonder if approval matters, it should return the results as host not alive for all of them right?
AWS has a set of consequences for purposeful scanning without approval. I strongly recommend you proceed through proper channels before continuing to scan.
Hello, Jessica-
When a scan is run, the first portion of the scan is Host Discovery. During this portion of the scan, we are attempting to determine what hosts are live (as the name suggests). The host discovery options (located in the 'additional' section when viewing or editing an Option Profile within the QualysGuard UI) are what the scanner will do during host discovery. By default this will be 13 TCP queries and an ICMP Echo Request (ping).
Based on what (if any) responses we get to these queries we determine if anything is live and if we should proceed with scanning.
I would suggest, as a next step, that you launch a scan against a single host and include the 'scan dead hosts' option - this will launch the vulnerability scan against your target even if it doesn't return a 'live' response to the Host Discovery.
If you get data back with 'scan dead hosts' enabled, then you know that something is preventing the target from responding to our queries during Host Discovery - and if you still get a 'No Host Alive' result, then you know something is preventing ALL traffic from getting to the target (or back from it to the scanner).
In either case, you might want to contact Support directly so we can work with you on this.
-Caleb