search

Quantalytics / opendlp

Automatically exported from code.google.com/p/opendlp
0 stars 0 forks source link

Agentless scan over SMB #40

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hello,

This is not an issue i just would like to understand how agentless scan over 
SMB works.
If i understood well, when you run this type of scan, in order to perform the 
scan of the files itselves, the tool copied the files to OpenDLP server 
(/tmp/OpenDLP/1) over the network and scan the file.

After, the file(s) is(are) deleted from OpenDLP.

Is this correct?

So this kind of scan if bandwitdth consuming so...

Thanks help me to understand well.

Great tool in any case.

Regards,
Fabrice

Original issue reported on code.google.com by fabrice....@gmail.com on 12 Jan 2012 at 3:45

GoogleCodeExporter commented 9 years ago 
Yes, an agentless scan will download every file. It only temporarily writes ZIP 
files to "/tmp/OpenDLP/*" and keeps all other files in memory. If you scan 
several systems at the same time with an agentless scan, it will go very slow 
(bandwidth and CPU restrictions).

If you are concerned about this bandwidth, I highly recommend running an agent 
scan. In an agent scan, an agent is installed on the remote system, then the 
agent locally searches the files. The only network traffic happens when the 
agent uploads results to the server.

For more information, see my two talks about it here:
- Shmoocon: http://www.youtube.com/watch?v=kz3M--LhyBg
- Defcon: https://www.youtube.com/watch?v=Xv8kbjziCds

Original comment by andrew.O...@gmail.com on 12 Jan 2012 at 3:56