This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Re: Scanning despite exclusion
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-03-2020 12:33 PM
Hello community,
we have a hardware firewall which should not be scanned by ls.
Wherefore I excluded the device via asset type and ipadress in "Scanning Exclusions".
But every scanning turn i got three mails from my firewall about an "Failed SSH login" from a user set up for LS scanning.
Is there any other option for exclusion of SSH scanning on that device?
Thanks for your help.
we have a hardware firewall which should not be scanned by ls.
Wherefore I excluded the device via asset type and ipadress in "Scanning Exclusions".
But every scanning turn i got three mails from my firewall about an "Failed SSH login" from a user set up for LS scanning.
Is there any other option for exclusion of SSH scanning on that device?
Thanks for your help.
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-04-2020 05:27 PM
Scanning exclusions, especially asset type exclusions will not prevent all scanning queries from being sent. For asset type exclusions specifically this is due to the scanning logic having to first identify the asset's type, which may involve SSH queries. Scanning exclusions will prevent scanned data from being added after the exclusion is added.
If you want to be certain SSH isn't used to authenticate, I'd recommend instead modifying the IP Range scanning target that contains this device via Scanning\Scanning Targets and enabling the No SSH option. If the IP Range contains devices that you would like SSH to be used for, you'll need to split up the IP Range into multiple ranges first. Create as many smaller ranges as are necessary and delete the larger range.
If you want to be certain SSH isn't used to authenticate, I'd recommend instead modifying the IP Range scanning target that contains this device via Scanning\Scanning Targets and enabling the No SSH option. If the IP Range contains devices that you would like SSH to be used for, you'll need to split up the IP Range into multiple ranges first. Create as many smaller ranges as are necessary and delete the larger range.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-04-2020 05:27 PM
Scanning exclusions, especially asset type exclusions will not prevent all scanning queries from being sent. For asset type exclusions specifically this is due to the scanning logic having to first identify the asset's type, which may involve SSH queries. Scanning exclusions will prevent scanned data from being added after the exclusion is added.
If you want to be certain SSH isn't used to authenticate, I'd recommend instead modifying the IP Range scanning target that contains this device via Scanning\Scanning Targets and enabling the No SSH option. If the IP Range contains devices that you would like SSH to be used for, you'll need to split up the IP Range into multiple ranges first. Create as many smaller ranges as are necessary and delete the larger range.
If you want to be certain SSH isn't used to authenticate, I'd recommend instead modifying the IP Range scanning target that contains this device via Scanning\Scanning Targets and enabling the No SSH option. If the IP Range contains devices that you would like SSH to be used for, you'll need to split up the IP Range into multiple ranges first. Create as many smaller ranges as are necessary and delete the larger range.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-14-2020 08:27 AM
I found out that the message was from vpn devices connected to the firewall, so i had to exclude those too. I split up all ip ranges to exclude all these single IPs. Sadly scanning targets now look a little messed up.
Maybe for further development: Excluding a single ip in "Scanning Exclusions" should exactly do this. Excluding the IP completely by splitting up the ranges without the necessity for the user to do so.
Thanks for your help.
Maybe for further development: Excluding a single ip in "Scanning Exclusions" should exactly do this. Excluding the IP completely by splitting up the ranges without the necessity for the user to do so.
Thanks for your help.
Bruce.B wrote:
Scanning exclusions, especially asset type exclusions will not prevent all scanning queries from being sent. For asset type exclusions specifically this is due to the scanning logic having to first identify the asset's type, which may involve SSH queries. Scanning exclusions will prevent scanned data from being added after the exclusion is added.
If you want to be certain SSH isn't used to authenticate, I'd recommend instead modifying the IP Range scanning target that contains this device via Scanning\Scanning Targets and enabling the No SSH option. If the IP Range contains devices that you would like SSH to be used for, you'll need to split up the IP Range into multiple ranges first. Create as many smaller ranges as are necessary and delete the larger range.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-07-2020 03:59 PM
I set up an IP range that excludes the firewall.
For example:
192.168.15.1 - 192.168.15.240
192.168.15.242 - 192.168.15.254
So 241, the firewall, is left out.
I still got the ssh login attempt. Interestingly some minutes after scanning is finished.
I will try some other changes next week. Thanks so long for your support.
For example:
192.168.15.1 - 192.168.15.240
192.168.15.242 - 192.168.15.254
So 241, the firewall, is left out.
I still got the ssh login attempt. Interestingly some minutes after scanning is finished.
I will try some other changes next week. Thanks so long for your support.
Bruce.B wrote:
Scanning exclusions, especially asset type exclusions will not prevent all scanning queries from being sent. For asset type exclusions specifically this is due to the scanning logic having to first identify the asset's type, which may involve SSH queries. Scanning exclusions will prevent scanned data from being added after the exclusion is added.
If you want to be certain SSH isn't used to authenticate, I'd recommend instead modifying the IP Range scanning target that contains this device via Scanning\Scanning Targets and enabling the No SSH option. If the IP Range contains devices that you would like SSH to be used for, you'll need to split up the IP Range into multiple ranges first. Create as many smaller ranges as are necessary and delete the larger range.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-04-2020 04:03 PM
Have you tried removing the SSH credentials from the scanning credentials settings?
pskup wrote:
Hello community,
we have a hardware firewall which should not be scanned by ls.
Wherefore I excluded the device via asset type and ipadress in "Scanning Exclusions".
But every scanning turn i got three mails from my firewall about an "Failed SSH login" from a user set up for LS scanning.
Is there any other option for exclusion of SSH scanning on that device?
Thanks for your help.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-04-2020 04:28 PM
Hello Brandon, thanks for your answer. Yes, i deactivated it completely. That stopped the faulty scanning. But i need SSH scanning credentials for some other devices. I just want to exclude the firewall.
At the asset page LS shows an exclusion message.
"This IP address is excluded from scanning!"
But LS still scan that asset.
At the asset page LS shows an exclusion message.
"This IP address is excluded from scanning!"
But LS still scan that asset.
Brandon wrote:
Have you tried removing the SSH credentials from the scanning credentials settings?
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Wifi Scanning in General Discussions
- Package deployment for assets scanned via LSAGENT in Deployment Packages
- Scanning time in General Discussions
- Scanning ForcePoint Appliances in General Discussions
- Assets in Lansweeper having the DNS entry changed from the asset name to an IP followed by .ec2.inte in General Discussions
