| Open-AudIT https://www.open-audit.org/phpBB3/ |
|
| More services than machines https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=1271 |
Page 1 of 1 |
| Author: | lorenz [ Sat Aug 19, 2006 11:20 am ] |
| Post subject: | More services than machines |
That's the matter, i have 126 systems discovered but 206 VNC servers (in home page i mean). There are many duplicated entries. [quote]... 10.5.5.46 1AP0037 VNC Server Version 4 True 10.5.5.46 1AP0037 VNC Server Version 4 True 10.5.5.7 1AP0040 VNC Server Version 4 True 10.5.5.7 1AP0040 VNC Server Version 4 True 10.3.5.156 AGE0001 VNC Server Version 4 True ... The same thing with the other services in home page (terminal & telnet, 4 example) Why this?? This is what i have in the service table for Telnet service [quote]service_id service_uuid service_display_name service_name service_path_name service_started service_start_mode service_state service_count service_timestamp service_first_timestamp 4481 50524259-3431-3234-3131-FFFFFFFFFFFF Telnet TlntSvr C:\WINNT\system32\tlntsvr.exe True Auto Running 57 20060818130200 20060818090156 9485 50524259-3431-3234-3131-FFFFFFFFFFFF Telnet TlntSvr C:\WINNT\system32\tlntsvr.exe True Auto Running 57 20060818130200 20060818110221 15117 50524259-3431-3234-3131-FFFFFFFFFFFF Telnet TlntSvr C:\WINNT\system32\tlntsvr.exe True Auto Running 57 20060818130200 20060818130200 This is the query : [quote]SELECT * FROM `service` WHERE `service_display_name` = 'Telnet' AND `service_started` = 'True' There is 3 times the same machine. Also in the home page. I think that this kind of query must returns 1 line for each service_uuid, service_display_name pair, the service_first_timestamp must be always the same and service_timestamp must change every discovery. Probably now it is not thus, how you can see by the query result. For the other services is the same. Why? Where is the problem? SVN the solution. Isn't it? regards [color=blue]Lorenz[/color] |
|
| Author: | mikeyrb [ Sat Aug 19, 2006 2:11 pm ] |
| Post subject: | |
One way this can happen is if it was detected by WMI as a service, and also by nmap, as an open port. It isn't very smart yet, but it will be! |
|
| Author: | lorenz [ Sat Aug 19, 2006 5:50 pm ] |
| Post subject: | |
[quote="mikeyrb"]One way this can happen is if it was detected by WMI as a service, and also by nmap, as an open port. It isn't very smart yet, but it will be! Sorry but NMAP is not installed on the machine that makes the domain inventory. So, the problem could not be there. 
[color=blue]L[/color] |
|
| Author: | A_Hull [ Sat Aug 19, 2006 6:03 pm ] |
| Post subject: | |
I was seeing this, every time I audit, another instance of the services! 
|
|
| Author: | matze [ Sat Aug 19, 2006 9:31 pm ] |
| Post subject: | |
By the way: "True" for key as a running service works only at an english version auf Windows. In my case, with german windows, "True" is called "Wahr". |
|
| Page 1 of 1 | All times are UTC + 10 hours |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|