Our instance of the OpenVAS scanner keeps locking our “root” account when running on one of our subnets. Is there a way to ensure this does not happen as part of the vulnerability scans? The internal alert we kept receiving: “Login attempt alert for from using SSH, IP will be blocked for 600 seconds.”
Here is our current setup (below).
-Port List: All IANA asigned TCP
-Alive Test: Scan Config Default
-Credentials: None specified (SSH has a dropdown menu for port 22, but nothing is selected).
-Apply Overrides: Yes
-Min QoD: 70%
-Scanner: OpenVAS Default
-Scan Config: Full and Fast
Any assistance or guidance would be helpful as we’d like to utilize this tool. We were under the impression that the Full and Fast does not brute force as it appears to the be only (best) lightweight option.