AnsweredAssumed Answered

Scanning an internal Firewall

Question asked by iceblue on Mar 14, 2012
Latest reply on Mar 22, 2012 by iceblue

Hi

 

I have an internal Qualys scanner on site.  I want to scan an internal firewall.  A firewall policy has been installed to access the Qualys box and has been tested.  When attempting an authenitcated scan (with the correct credentials) the report states that authentication failed.  Using a SIEM tool i can see the firewall permit events so the firewall is not blocking Qualys.  It is not being blocked and the credentials are definately correct, has anyone experienced this?  The OS running on the firewall i want to scan is FreeBSD.  Please see the logs from the firewall i am attempting to scan below:

 

Feb 28 12:33:00 xxxxxxxxx <cron.[LOG_INFO]> /usr/sbin/cron[41338]: (operator) CMD (/usr/libexec/save-entropy)

Feb 28 12:37:09 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41344]: Did not receive identification string from 10.117.x.x

Feb 28 12:37:41 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41404]: Did not receive identification string from 10.117.x.x

Feb 28 12:37:54 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41345]: Did not receive identification string from 10.117.x.x

Feb 28 12:37:54 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41461]: Did not receive identification string from 10.117.x.x

Feb 28 12:37:54 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41464]: Accepted keyboard-interactive/pam for svcqualys from 10.117.x.x port 43437 ssh2

Feb 28 12:37:54 xxxxxxxxx <auth.[LOG_NOTICE]> sshd-x[41467]: in pam_sm_open_session(): (sshd) session opened for user svcqualys by root(uid=0)

Feb 28 12:38:26 xxxxxxxxx <auth.[LOG_NOTICE]> sshd-x[41467]: in pam_sm_close_session(): (sshd) session closed for user svcqualys

Feb 28 12:38:26 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41405]: Did not receive identification string from 10.117.x.x

Feb 28 12:38:26 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41631]: Did not receive identification string from 10.117.x.x

Feb 28 12:38:32 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41558]: Did not receive identification string from 10.117.x.x

Feb 28 12:38:38 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41777]: Accepted keyboard-interactive/pam for svcqualys from 10.117.x.x port 44240 ssh2

Feb 28 12:38:38 RDGFINT1 <auth.[LOG_NOTICE]> sshd-x[41782]: in pam_sm_open_session(): (sshd) session opened for user svcqualys by root(uid=0)

Feb 28 12:38:49 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41736]: Did not receive identification string from 10.117.x.x

Feb 28 12:38:57 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[41934]: Did not receive identification string from 10.117.x.x

Feb 28 12:39:09 xxxxxxxxx <auth.[LOG_INFO]> sshd-x[42045]: Did not receive identification string from 10.117.x.x

Feb 28 12:39:11 xxxxxxxxx <auth.[LOG_NOTICE]> sshd-x[41782]: in pam_sm_close_session(): (sshd) session closed for user svcqualys

 

Thanks

Outcomes