Hey, guys,
I had problems while running an authenticated (SSH port 22) scan against internal network assets.
I did run the latest version of GVM with the most updated feed against a list of 45 Linux IPs, and in less than 3 minutes the biggest part of those Linux VMs, running on a VMware hypervisor, suddenly froze, crashed and stopped their services. In an evaluation, we saw that all VMs had CPU and processing increase to 100% after the GVM scan started.
I did run the scan considering almost all default configurations, such as “Scanner = OpenVAS Default”, “Scan Config = Full and fast”, “Maximum concurrently executed NVTs per host = 4”, “Maximum concurrently scanned hosts = 20”, “All IANA assigned TCP ports” and “Alive test = Scan Config Default”.
I read somewhere that maybe decreasing the maximum concurrently executed NVTs per host to 1 would go better, but I’m trying to understand if I really need to do anything else to avoid crashing the target.
Do you have any useful information to help?
Additionally, while analyzing logs from a single target that was scanned, we saw tons of connection attempts coming from the Kali VM which was running GVM (see attachment - svc_secs was the service user for the authenticated scan).
Thanks all!