Boreas scans result unreliable

Building from Source and Advanced Topics
1

Hi all,

When using Boreas to scan for alive hosts in some subnets, I noticed that the result is missing some hosts that the scanner can ping and can be detected by Nmap. If I scan the subnet many times constantly, the result sometimes different (the detected host before now missing, the missing host before now alive…), but I can still ping all the hosts (not blocked).

I tried to enable verbose log for Boreas but didn’t find any useful information. Can anyone point me if I should change any default configurations, or how can I completely use Nmap instead of Boreas?

I built all GVM components and Boreas cmd tool from the latest git souce code.

2

Keep in mind, that ICMP might be unreliable, esp. if you route packages and you are not in the same collision domain. Do you use a sensor within the collision domain ? Many routers drop ICMP depending of his load behavior.

3

I don’t think that ICMP packages are filtered, because Nmap can always detect the host, and if I run Boreas many times repeatly, there is still a (low) chance that the tool reports the host alive.

I will try to debug using package captures later, but I’m asking here if anyone known the root cause and finding an alternative solution first.