Scan differentiate between existent and non-existent IPs

Good Afternoon

I would like to know:

  1. Whether OpenVAS can differentiate between a non-existent IP and one which blocks traffic from the OpenVAS server.

  2. OpenVAS often reports that an older (vulnerable) version of an application is running on a server, but I guess the current test do not determine whether the setup is vulnerable. Will a more in depth test (that comes with some risks) be able to indicate whether the system is indeed vulnerable or not?

  1. If there is no mean of getting any response from the IP there is just no way to tell whether the IP is dead or just blocking every request.

  2. This depends on the vulnerability itself and if there is another VTS which would check against this vulnerability. In general the system owner should have all the relevant information about version, configuration or other (security) measures to decide if their setup is indeed vulnerable or not.
    Another thing to look at is the QoD (Quality of Detection) value of the VTS as it gives you some hint of the probability of a false-positive.


This is what i have found and read up so far :

  1. During a typical scan (either “Discovery” or “Full and Fast”) the GSM will by default first use the ping command to check the availability of the configured targets. If the target does not reply to the ping request it is presumed to be dead and will not be scanned by the port scanner or any NVT.

But sometimes (local) firewalls or other configuration might suppress the ping response. If this happens the target will not be scanned and will not be included in the results and the scan report.

To remediate this problem, both the target configuration and the scan configuration support the setting of the alive test

If the target does not respond to a ping request, a TCP Ping may be tested. If the target is located within the same broadcast domain, a ARP Ping may be tried as well.

Thank you.

  1. That is why trying to find a way to see if something is blocking a scan so i can make sure that admins actually make sure they correct the server problems rather than just blocking the scan.

  2. Thank you will take a look at that.