False positive or not false positive


#1

I run scans of all our IPs, domains, … on a weekly basis.
For our WordPress hosted by OVH, we receive what I consider FALSE POSITIVEs:
-> Site is sensitive to Ping of death (huh?)
-> There is, according to OpenVAS, a Win98 in the way
-> There is also an old Linksys router sensitive to the GET of death (“http GET /” would freeze the machine).
Looking for more information, I cannot find information that those are false positives… which I find odd / peculiar.

\T,


#2

Hi,

Please have a look at Call for info: Unknown OS and Service Banner Reporting for ways to identify how the OS was determined and a possible output which could help to improve the detection.

If you’re getting these vulnerability messages, this means you’re using either one of the pre-defined Ultimate scan configs or your own scan configuration with safe_checks set to no. When using those scan configs you need to live with possible false positives if OpenVAS/GVM is trying to stop a service or kill a host, as there is no absolutely reliable way to check this.

Please switch back to the highly recommended Full and Fast scan configuration (without the Ultimate in the name) to avoid such situations if required.

If you want to keep the currently used scan config, it is up to you to research and decide if this is a false positive or not and if you want to work with an override as described in Overrides and False Positives.


#3

As a side-note:

The last time I had a hand on OVH servers I read that they are using various sorts of protection mechanisms (WAF, DDoS protection) for all their servers by default which can’t be disabled. If you’re scanning the target from the “outside”, those mechanisms might kick in, the target stops responding, and thus the vulnerability messages might show up.

Back then they had offered some sort of “Audit/Vulnerability-Scanning IP” where you could access the server unfiltered for exactly such vulnerability scanning topics. This IP was available as an extra package which needs to be booked separately.