Rsync blocking from Greenbone?

Hello,

I have an installation where I’m not being able to sync the NVT feed.

It is a VMware virtual host configured to have full internet access. Something that I have validated with third parties’ infrastructure with outbound connections to the ports 80, 443,8000, 53000 as well as the rsync port 873.

As you can see below, port 873 is detected as open for feed.community.greenbone.net:

$ nmap -p 873 feed.community.greenbone.net -Pn

Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.

Starting Nmap 7.91 ( [https://nmap.org] ) at 2022-03-08 14:06 CET
Nmap scan report for feed.community.greenbone.net (45.135.106.143)
Host is up (0.026s latency).
Other addresses for feed.community.greenbone.net (not scanned): 2a0e:6b40:20:106:20c:29ff:fe7f:d2ae

PORT STATE SERVICE
873/tcp open rsync
Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

Once trying to connect using nc I get the following message, so I validate that I’m able to reach the feed service:

$ nc -vvv feed.community.greenbone.net 873

Warning: Inverse name lookup failed for `45.135.106.143'
feed.community.greenbone.net [45.135.106.143] 873 (rsync) open
@RSYNCD: 31.0
Greenbone community feed server - [http://feed.community.greenbone.net/]
This service is hosted by Greenbone Networks - [http://www.greenbone.net/]
All transactions are logged.
If you have any questions, please use the Greenbone community portal.
See [https://community.greenbone.net] for details.

By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be temporarily blocked.
^CExiting.

Total received bytes: 450
Total sent bytes: 0

But once trying to sync with rsync using the regular command I get the following error:

(...)
Greenbone community feed server - [http://feed.community.greenbone.net/]
This service is hosted by Greenbone Networks - [http://www.greenbone.net/]
All transactions are logged.
If you have any questions, please use the Greenbone community portal.
See [https://community.greenbone.net] for details.

By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list

rsync: [receiver] read error: Connection reset by peer (104)
rsync error: error in socket IO (code 10) at io.c(784) [receiver=3.2.3]
rsync: connection unexpectedly closed (44 bytes received so far) [generator]
rsync error: error in rsync protocol data stream (code 12) at io.c(228) [generator=3.2.3]

I have validated that with other 3rd parties rsync services I have no problem. It’s just with the Greenbone one.

I know from this post: [General connection problems to feed server - #29 by tgurr] that there is a 24h antiabuse blacklist. But I have stopped the sync for several days and I’m still facing the same problem.

Does anyone know what could be happening here?

Thank you very much

Regards

There is something broken with your setup , there URLs are not part of any infrastructure. I would try to sync from a real system and not a cloud service or managed infrastructure. It looks like a firewall in your way is resetting your connection, not done by Greenbone.

Hello @Lukas,

When you talk about the URL you mean http://feed.community.greenbone.net/ ?

I thought that it was correct and in fact is the one we have on another installation working without problems.

If you talk about the eur02.safelinks.protection.outlook.com it was introduced automatically by Outlook since one of my colleagues sent me the logs through email.

I have removed it from my original post. I would apreciate if you can do the same with yours to prevent the SPAM reception (sorry for the inconvenience).

Regards

The URL is wrong, it is NOT http it is rsync://feed.community.greenbone.net

You have systems in between responsible for that issues.