I’ve got one quick question. I did some googling/searching here but didn’t really find proper answer. Question is, Can I somehow scan hosts that are behind NAT/router host?
- proxy/router host with public IP
- target host with private IP that is accesible only from proxy/router host
I tried to set up ssh proxy in ~/.ssh/config to make openvas go through that proxy host but it throws
SSH Authorization check:
It was not possible to login using the provided SSH credentials even though I have them correct since I can manually ssh to that target host.
I know that I can set up omp slave host but I would need like 40 of those and it’s kind of resource heavy so looking for easier solution to this (ideally on openvas level)?
Sorry if it’s in wrong section. I’m talking about Openvas 9, please move thread if I messed up.
- I did not configure port forwarding, because I have more than 1 machine behind this router. Should’ve mention that, sorry.
- In this example, all of them that have account on both router and priv machine and know priv IP. I’m using router only as jump host using ProxyCommand. Example setup
ProxyCommand ssh openvas@ nc %h %p
$ ssh openvas@<privip> works and I am able to connect to this machine. (But this could be problem if I would have 2 same subnets. Eg host1 with 10.10.10.10 and host2 with 10.10.10.10 (behind 2 different public IPs)
Use a OpenVPN or IPSec Tunnel to tunnel/VPN into the “private space”, as soon you are directly connected with your private space you can scan what you want, secure and encrypted
Is there really no easier way to do this than setup 30 tunnels? I did set up ssh jump host and can manually ssh into this “private” machine (as I said) but openvas doesn’t want to use this and throws authorization check
Easy would be to the state of the art networking technology like IPv6 and not legacy technology with NAT
If you have so many zones, deployment of Scan-Sensors would help you as well. You place into every zone a sensor that connects to your master. This would need a lot of scripting and work to get this setup.