AnsweredAssumed Answered

enumerating system IP addressing without SNMP

Question asked by ed sherratt on Oct 14, 2014

We've recently encountered issues where we've been trying to enumerate the IP interfaces of systems using Authenticated scans with QID 78002, which, until recently was simply called "IP addresses detected", now "IP addresses via SNMP".

 

The title change was made during our queries to Qualys, as we were getting inconsistent results, so was probably just made to clarify how it works

.

It doesn't help however as some of the systems have SNMP disabled for security reasons, so we're still left with inconsistancies - has anyone else been able to enumerate multiple IP interfaces without SNMP? We wish to monitor and confirm that system admins aren't adding vulnerabilities by adding interfaces or subinterfaces.

 

To me it should be no issue to enumerate using a root enabled authenticated scan - it's a simple netstat/ifconfig isn't it?

 

Thanks,

Ed

Outcomes