M100764: Changes in name resolution for ManageSoft discovery using ping sweep (with or without individual port scan)

After performing a ping-based discovery (with or without individual port scan) using ManageSoft release 7.8 or later, no network host names are returned.

Symptoms

The following symptoms may appear when using ManageSoft release 7.8 or later:

  • No network devices are discovered after you perform a discovery using only the ping sweep option (with or without individual port scan).
  • You can do a ping -a <IP address> of a machine in the relevant IP address range, and retrieve a host name.

Cause

The root cause of this problem is that no host names are being returned from a DNS server. This can happen for at least two reasons:

  1. There may not be a DNS on the network, or any available DNS may not have the names of your target devices registered. If this is the case, the result of the ping test will be only a NetBIOS machine name, and not a fully qualified domain name.
  2. When there is a DNS available and correctly configured, ManageSoft may not be accessing the correct DNS, for the reasons explained next.

From ManageSoft release 7.8, a new version of MgsIPScan is used to perform discoveries. From this version, MgsIPScan has changed the way it determines a host name for an IP address. When it tries to resolve names for discovered IP addresses, it now accesses a DNS server that is configured in the Windows registry of the machine running MgsIPScan.

Note: This situation is quite likely to crop up in a proof of concept (POC) where we may have taken a fully-configured administration server, including DNS, within a VMware image into a test site. This preconfigured DNS is unlikely to have registered details of the target computers within the test environment.

To resolve this issue you may do one of the following:

  • Perform a Windows Browser Service discovery; OR
  • On the ManageSoft administration server, configure the default discovery options to use a particular DNS server or use the system-dns option, which is how MgsIPScan discovered names in previous versions. The registry key to configure is:
    HKLM\Software\ManageSoft\Discovery\CurrentVersion\DefaultPingSweepOptions
    • To perform name resolution as in previous versions of ManageSoft: Set DefaultPingSweepOptions to:
      -PI --system-dns -sP
    • To perform name resolution using a specific DNS server: Set DefaultPingSweepOptions to:
      -PI --dns-servers <serv1 [,serv2],...> -sP
  • On the ManageSoft administration server, configure the default discovery options for ping sweep and individual port scan to use a particular DNS server or use the system-dns option, which is how MgsIPScan discovered names in previous versions. The registry key to configure is:
    HKLM\Software\ManageSoft\Discovery\CurrentVersion\DefaultScanOptions
    • To perform name resolution as in previous versions of ManageSoft: Set DefaultScanOptions to:
      -PI --system-dns -sU -sS
    • To perform name resolution using a specific DNS server: Set DefaultScanOptions to:
      -PI --dns-servers <serv1 [,serv2],...> -sU -sS
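
The following PowerShell script is an added example, not ManageSoft's own tooling: it checks that each chosen DNS server actually answers reverse (PTR) lookups for a sample target before writing both option strings listed above. It assumes the two values are REG_SZ strings, that Resolve-DnsName is available on the administration server, and that DNS servers are given as IP addresses; the parameter names and the sample IP are constructed for illustration.

```powershell
# Added example. Assumptions: both values are REG_SZ strings, Resolve-DnsName
# (DnsClient module) is available, and DNS servers are given as IP addresses.
param(
    [string[]] $DnsServers    = @(),             # empty = fall back to --system-dns
    [string[]] $SampleTargets = @('192.0.2.10')  # constructed sample IP from the scan range
)
$key = 'HKLM:\Software\ManageSoft\Discovery\CurrentVersion'
if (-not (Test-Path $key)) { throw "Registry key not found: $key" }

foreach ($server in $DnsServers) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($server, [ref]$parsed)) {
        throw "Not an IP address: $server"
    }
    # Pre-check: does this server hold PTR records for the targets? -DnsOnly
    # excludes NetBIOS/LLMNR, which is how "ping -a" can still show a name.
    foreach ($target in $SampleTargets) {
        $ptr = @(Resolve-DnsName -Name $target -Type PTR -Server $server -DnsOnly `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.Section -eq 'Answer' -and $_.NameHost })
        if ($ptr.Count -gt 0) {
            Write-Host "$server resolves $target -> $($ptr[0].NameHost)"
        } else {
            Write-Warning "$server has no PTR record for $target"
        }
    }
}

# Build the resolver fragment, then the two option strings given in the article.
$resolver = if ($DnsServers.Count -gt 0) {
    "--dns-servers $($DnsServers -join ',')"
} else {
    '--system-dns'
}
$values = @{
    DefaultPingSweepOptions = "-PI $resolver -sP"
    DefaultScanOptions      = "-PI $resolver -sU -sS"
}
foreach ($name in $values.Keys) {
    # Record the previous value so the change can be reverted.
    $old = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    Write-Host "$name was: '$old'"
    Set-ItemProperty -Path $key -Name $name -Value $values[$name] -Type String
    Write-Host "$name now: '$($values[$name])'"
}
```

Run it from an elevated PowerShell session on the administration server; a warning about a missing PTR record means a discovery using that server would still return no host name for that target.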

This is a change in behaviour with MgsIPScan from ManageSoft 7.6.x to ManageSoft 7.8. This change should provide customers with quicker discovery times as well as allowing for more accurate network device name resolutions by being able to specify which DNS server to use.

More information

Nmap - Security Scanner for Network Exploration & Security Audits
http://insecure.org/nmap/
