I do scan my network with a GSA Version 21.04.0 installed on a FreeBSD machine, using an IP address from the very same net. It finds all the open SMTP relays (which is fine and usefull), but some of them are totally legitimate: they must be open for addresses on their own network. Is there a best practice way for telling to the VT to skip frew IPs?
Sorry for my neweeism,
pteros.
Hello and welcome to this community.
If the scanned network should be seen as a āprivateā network (where such open relays should be allowed) by the scanner there is the following preference in the VT Global variable settings (OID: 1.3.6.1.4.1.25623.1.0.12288) available:
Network type
This is set to Mixed (use RFC 1918) by default but setting it to Private LAN should do the trick.
Another options is to work with overrides for the systems in question:
https://docs.greenbone.net/GSM-Manual/gos-21.04/en/reports.html#using-overrides-and-false-positives
Many thanks for your answer!
I think overrides are the best solution: I like the idea of being notified if something opens an smtp relay on a machine that is supposed to to other thingsā¦ 