Re: [Openvas-plugins] [Openvas-discuss] "False negative" and strange UDP 32789 port

Fri, 08 Jan 2010 09:07:19 -0800 

Hello Jonas,

*** Jonas Andradas <[email protected]> wrote:
> Related to the false positive Fidel Castro reported on December 18th, I
> wanted to share a "false negative".  I am scanning an APC Smart-UPS 1000 RM
> device (with version 3.5.5 of APC OS).  On port 80 , there is a web server
> which, upon an empty GET request, freezes or, at least, becomes
> unresponsive. This also makes unresponsive the Telnet server running on the
> device.  After a while, services are restored.  OpenVAS did not report this
> issue, but Nessus 4 did report it as "Linksys WRT54G Empty GET Request
> Remote DoS".  

The feed contains 'linksys_empty_GET_DoS.nasl' which send an empty
GET Request to every open HTTP-Port. 

Please try to run this plugin at command-line.

openvas-nasl -X -t <target> /var/lib/openvas/plugins/linksys_empty_GET_DoS.nasl

Any result? Did the webserver freezes?
 
> The other issue I would like to comment and ask about is that on some of my
> recent scans, I've seen that, when there is an SNMP service with default
> credentials ("public" and/or "private", for example), sometimes I get a
> result in the report for a Security Hole on port 32789 UDP, which states
> that an SNMP server responds to these default community names. I was not
> scanning that UDP port on the Options (and I have checked the parameter that
> makes consider all unscanned ports as closed). 

Port 161 and port 32789 are hardcoded in snmp_default_communities.nasl.

Please try to run this plugin at command line too. Maybe have a look
at the traffic by running tcpdump or wireshark.

I would be happy to help you, but for that I need your support. If
you're willing to do, just contact me privately. Then we can make a
few tests...

Micha

-- 
Michael Meyer                                         OpenPGP Key: 76E050B9
http://www.intevation.de
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins

Reply via email to