[Openvas-plugins] Unknown Service Detection

Mon, 19 Mar 2018 00:24:42 -0700 

Hello

I have encountered an ID: 1.3.6.1.4.1.25623.1.0.11154 result that I can confirm.

Locally, this information is available:

C:\Windows\system32>netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
(...)
  TCP    0.0.0.0:8083           0.0.0.0:0              LISTENING       9648
  TCP    0.0.0.0:9099           0.0.0.0:0              LISTENING       9648

C:\Windows\system32>wmic process get ProcessID,Name,ExecutablePath
ExecutablePath                                                                  
                                                Name                            
      ProcessId
(...)
C:\Program Files (x86)\Eyelock Corporation\MyrisSDK\bin\MyrisService.exe        
                  MyrisService.exe           9648

The service is related to Iris scanners 
https://www.eyelock.com/index.php/products/myris

This result was observed on port 8083/TCP:

Method: get_http

0x00:  55 6E 6B 6E 6F 77 6E 20 6D 65 73 73 61 67 65       Unknown message

The same process is also running an unidentified SSL-wrapped service on port 
9099.  It apparently doesn't use a certificate, only anonymous cipher suites 
were supported.  OID 1.3.6.1.4.1.25623.1.0.900234 reported the following:


No 'Strong' cipher suites accepted by this service via the SSLv3 protocol.



'Medium' cipher suites accepted by this service via the SSLv3 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA



'Weak' cipher suites accepted by this service via the SSLv3 protocol:



TLS_ECDH_anon_WITH_RC4_128_SHA



No 'Null' cipher suites accepted by this service via the SSLv3 protocol.



'Anonymous' cipher suites accepted by this service via the SSLv3 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA

TLS_ECDH_anon_WITH_RC4_128_SHA



No 'Strong' cipher suites accepted by this service via the TLSv1.0 protocol.



'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA



'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:



TLS_ECDH_anon_WITH_RC4_128_SHA



No 'Null' cipher suites accepted by this service via the TLSv1.0 protocol.



'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA

TLS_ECDH_anon_WITH_RC4_128_SHA



No 'Strong' cipher suites accepted by this service via the TLSv1.1 protocol.



'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA



'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:



TLS_ECDH_anon_WITH_RC4_128_SHA



No 'Null' cipher suites accepted by this service via the TLSv1.1 protocol.



'Anonymous' cipher suites accepted by this service via the TLSv1.1 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA

TLS_ECDH_anon_WITH_RC4_128_SHA



No 'Strong' cipher suites accepted by this service via the TLSv1.2 protocol.



'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA



'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:



TLS_ECDH_anon_WITH_RC4_128_SHA



No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.



'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol:



TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA

TLS_ECDH_anon_WITH_RC4_128_SHA


Thank you

Mark Senior
Senior Security Analyst, Information Risk Management
Alberta Health Services (Edmonton)
21st floor, 10004 - 104 Avenue  Edmonton AB T5J 0K1
mark.sen...@albertahealthservices.ca<mailto:mark.sen...@albertahealthservices.ca>
Phone 780-809-8761


________________________________
This message and any attached documents are only for the use of the intended 
recipient(s), are confidential and may contain privileged information. Any 
unauthorized review, use, retransmission, or other disclosure is strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately, and then delete the original message. Thank you.

_______________________________________________
Openvas-plugins mailing list
Openvas-plugins@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins

Reply via email to