
Open-AudIT


All times are UTC + 10 hours




Posted: Sat Aug 19, 2006 11:20 am
Newbie

Joined: Wed Aug 16, 2006 9:06 am
Posts: 45
Location: Rome - Italy - Europe (GMT +2)
That's the matter: I have 126 systems discovered but 206 VNC servers (on the home page, I mean). There are many duplicated entries.

...
10.5.5.46 1AP0037 VNC Server Version 4 True
10.5.5.46 1AP0037 VNC Server Version 4 True
10.5.5.7 1AP0040 VNC Server Version 4 True
10.5.5.7 1AP0040 VNC Server Version 4 True
10.3.5.156 AGE0001 VNC Server Version 4 True
...

The same thing happens with the other services on the home page (terminal & telnet, for example).
Why is this?

This is what I have in the service table for the Telnet service:
service_id service_uuid service_display_name service_name service_path_name service_started service_start_mode service_state service_count service_timestamp service_first_timestamp
4481 50524259-3431-3234-3131-FFFFFFFFFFFF Telnet TlntSvr C:\WINNT\system32\tlntsvr.exe True Auto Running 57 20060818130200 20060818090156
9485 50524259-3431-3234-3131-FFFFFFFFFFFF Telnet TlntSvr C:\WINNT\system32\tlntsvr.exe True Auto Running 57 20060818130200 20060818110221
15117 50524259-3431-3234-3131-FFFFFFFFFFFF Telnet TlntSvr C:\WINNT\system32\tlntsvr.exe True Auto Running 57 20060818130200 20060818130200
This is the query:
SELECT * FROM `service` WHERE `service_display_name` = 'Telnet' AND `service_started` = 'True'

The same machine appears 3 times. Also on the home page.
I think that this kind of query must return 1 line for each service_uuid, service_display_name pair; the service_first_timestamp must always be the same and service_timestamp must change with every discovery. Probably it is not so now, as you can see from the query result. It is the same for the other services.

Why? Where is the problem?
SVN is the solution, isn't it?

Regards,
Lorenz

Posted: Sat Aug 19, 2006 2:11 pm
One way this can happen is if it was detected by WMI as a service, and also by nmap, as an open port. It isn't very smart yet, but it will be!


Posted: Sat Aug 19, 2006 5:50 pm
Newbie

Joined: Wed Aug 16, 2006 9:06 am
Posts: 45
Location: Rome - Italy - Europe (GMT +2)
mikeyrb wrote: One way this can happen is if it was detected by WMI as a service, and also by nmap, as an open port. It isn't very smart yet, but it will be!


Sorry but NMAP is not installed on the machine that makes the domain inventory. So, the problem could not be there.

:cry:

L

Posted: Sat Aug 19, 2006 6:03 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
I was seeing this, every time I audit, another instance of the services! :roll:


Posted: Sat Aug 19, 2006 9:31 pm
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
By the way: "True" as the key for a running service works only on an English version of Windows. In my case, with German Windows, "True" is called "Wahr".


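The two reporting problems raised in this thread (duplicate rows per machine, and a locale-dependent "True") both distort a count of hosts running services such as Telnet or VNC. The following is an added example, not part of the original posts and not Open-AudIT's own code, showing the thread's query beside a grouped query that returns one row per service_uuid / service_display_name pair. It assumes Python's sqlite3 in place of the MySQL table, a subset of the columns, constructed rows with placeholder UUIDs, and that "True" and "Wahr" are the only spellings to accept.

```python
import sqlite3

# Constructed rows shaped like the thread's `service` table (subset of columns).
# UUIDs are placeholders; timestamps follow the thread's YYYYMMDDhhmmss format.
ROWS = [
    # id, service_uuid, display_name, started, timestamp, first_timestamp
    (1, "UUID-A", "Telnet", "True", "20060818130200", "20060818090156"),
    (2, "UUID-A", "Telnet", "True", "20060818130200", "20060818110221"),
    (3, "UUID-A", "Telnet", "True", "20060818130200", "20060818130200"),
    (4, "UUID-B", "Telnet", "Wahr", "20060818130200", "20060818130200"),
    (5, "UUID-C", "Telnet", "False", "20060818130200", "20060818130200"),
]

# Assumption: only the two spellings mentioned in the thread; other locales differ.
STARTED_VALUES = ("True", "Wahr")


def load(rows):
    """Build an in-memory table holding the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE service (service_id INTEGER, service_uuid TEXT,"
        " service_display_name TEXT, service_started TEXT,"
        " service_timestamp TEXT, service_first_timestamp TEXT)"
    )
    db.executemany("INSERT INTO service VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db


def naive_count(db, name):
    """Row count from the thread's query: counts every duplicate row."""
    sql = ("SELECT COUNT(*) FROM service"
           " WHERE service_display_name = ? AND service_started = 'True'")
    return db.execute(sql, (name,)).fetchone()[0]


def running_hosts(db, name):
    """One row per (service_uuid, service_display_name), any known locale."""
    marks = ", ".join("?" * len(STARTED_VALUES))
    sql = (
        "SELECT service_uuid, MIN(service_first_timestamp),"
        " MAX(service_timestamp), COUNT(*) FROM service"
        f" WHERE service_display_name = ? AND service_started IN ({marks})"
        " GROUP BY service_uuid, service_display_name ORDER BY service_uuid"
    )
    return db.execute(sql, (name, *STARTED_VALUES)).fetchall()


if __name__ == "__main__":
    db = load(ROWS)
    print(naive_count(db, "Telnet"), running_hosts(db, "Telnet"))
```

On the sample rows the thread's query reports three Telnet entries for one machine and misses the German-locale host, while the grouped query reports two distinct hosts.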