How long should a scan of a dozen systems take?

Hello all

I built the latest version from the sources and did individual scans at first of one Windows 10 client and one Linux system. Each scan took about 20 minutes.

Then I created a target consisting of 12 IPs within the /24 in which GCE is installed and a new Task using this target. The scan of this took 12 hours! I always used default settings because that’s how I typically become familiar with new software.

Should scanning a dozen systems take 12 hours, however? (And why don’t I see anything regarding our commercial firewall appliance in the reports? Is this because I’m using the Community Edition?)

Could my firewall on the Debian 12.7 GCE box (running on Hyper-V) be a roadblock here? For admin convenience I changed the config so that you can connect to the UI from any IP and added some firewall rules with ufw to limit http connections to our admin workstations. I see a lot (actually, A LOT) of “UFW BLOCK” messages in journalctl with seemingly random source and destination ports, source IP matching one of the systems in the Target list, and destination IP of the GCE box. I still see these messages which started to come in when I started the scan, now although the scan has concluded a while ago.

Thanks for any input.

Here are some attempts to answer your questions:

If the device has vulnerabilities and they are not detected, then, this is likely because you are using the Greenbone Community Feed. However, you have not really provided enough details to completely assess this. You can visit the SecInfo portal to see a comprehensive list of all Enterprise and Community Feed NVTS.

Sure, it is. Your firewall is simply dropping packets, so the timeout threshold for each VT must be reached before going on to the next test. So, this will cause a significant limit to scan efficiency. The scanner host’s resources can also play a significant role in the time to conduct a scan. So can settings such as “Alive detection” method, network latency, and the hosts being scanned. There are so many other factors for which we have no information here.

1 Like

Further reading around this topic in the documentation: