>>> Darren Spruell <[EMAIL PROTECTED]> 25-6-2004 16:38:29 >>>
Jaap Ruijgrok wrote:
> When I scan a NetWare SMTP server, Nessus reports "unknown (514/udp):
> port is open". Later Nessus reports a vulnerability regarding WinSyslog
> on this port (514).
>
> This mailserver sits behind a firewall (Cisco PIX) and I'm sure UDP 514
> is not in any of the access-lists. However the PIX has a fixup for rsh
> 514.
>
> My question is: why is UDP/514 mentioned as a vulnerability?

It's flagging that based on the fact that your scanner has unrestricted access to udp/514, which is usually a Syslog server listening for network transfers. Being UDP and often having no rate limiting, syslogd is usually considered a bad thing to have wide open. If you're filtering that address/port from the Internet and only authorized clients can reach it, you can probably disregard it.

--
DS

Hi Darren,

My Nessus scanning comes from the internet through a firewall to a server. It "sees" UDP/514 as a vulnerable port. Problem is that the firewall does not allow 514 traffic in any way. So why does Nessus report this port?

JR

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
