OpenVAS scanner running slow on Ubuntu

Since we migrated our OpenVAS from a Kali VM to an Ubuntu one, we have huge performance problems with scans.
Results of the scans are ok but the scan duration is weird.

  • The OpenVAS VM is behind a firewall but everything is open and no packets were dropped
  • Targets are behind a firewall but everything is open and no packets were dropped
  • Logs at the standard level show no errors and we don’t know how to determine which parts of the scans cause this slowness.
  • Scan configurations are the same for the 2 VMs:
    • Target(s): All IANA assigned TCP and UDP (11318 ports)
    • Alive Test: Consider Alive
    • Scan Config: Full and fast
    • Maximum concurrently executed NVTs per host: 4
    • Maximum concurrently scanned hosts: 20

Case 1, 1 host scanned:

  • Kali VM: scan duration: 21 minutes
  • Ubuntu VM: scan duration: 2 hours

Case 2: 55 hosts:

  • Kali VM: scan duration: 3 h
  • Ubuntu VM: scan duration: 1 day, 2:29 h

Kali VM configuration:

  • Kali version: 2021.3
  • RAM: 8GB
  • CPU: 1
  • OpenVAS version: 20.08.1~git (Kali package)
  • PostgreSQL: 13.4 (Debian 13.4-3)
  • Installation method: Kali package

Ubuntu configuration (new VM)

  • Ubuntu 20.04.1 LTS (5.4.0-73-generic)
  • RAM: 16GB
  • CPU: 2
  • OpenVAS: Version 21.04.0 (package git-218d6fa01-gsa-21.04)
    • Greenbone Security Assistant 21.04.0~git-218d6fa01-gsa-21.04
    • Greenbone Vulnerability Manager 21.4.0~git-c287c174-gvmd-21.04
    • OpenVAS 21.4.1~git-7d6eff81-openvas-21.04 (gvm-libs 21.4.1~git-83cf2)
  • Installation method:

One strange thing noticed on GSA: Scanner preferences for all scan configs are empty.

I don’t know where to investigate further or whether it is a hardware or software problem.

Any help or suggestion is welcome.

Please note, if this firewall is stateful, it might slow your traffic down due to the session limits.
Do not use any stateful firewall while running a massive number of sessions, e.g. UDP. As you noticed, your OS is the problem.

Sorry, my mistake, after checking it, the Ubuntu VM IS NOT behind a firewall (only targets).