[Openvas-discuss] Vulnerability found on blocked port

Thijs Stuurman Thijs.Stuurman at internedservices.nl
Wed Aug 16 12:32:33 CEST 2017


Remi,

This vulnerability is specific to the BlackIce firewalling solution(s), which I believe is just software running on the host OS of the system.
I do not know how it detected this, but you have options:

- either you don't run the BlackIce firewalling solution and this is a false positive
- or you do run this software; check CVE-2002-0237 and your current software version to see which further actions are required to remediate the issue.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuurman at internedservices.nl | thijs.stuurman at kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Rémi Liquete [mailto:remi.l034 at gmail.com]
Sent: Wednesday 16 August 2017 11:52
To: Thijs Stuurman <Thijs.Stuurman at internedservices.nl>
CC: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Vulnerability found on blocked port

Here is the OID number: 1.3.6.1.4.1.25623.1.0.10927
Regards,
Rémi

2017-08-16 11:28 GMT+02:00 Thijs Stuurman <Thijs.Stuurman at internedservices.nl>:
Remi,

What is the vulnerability OID number?
(This should be mentioned in the details of the vulnerability, at the bottom under the Log Method section)


From: Rémi Liquete [mailto:remi.l034 at gmail.com]
Sent: Wednesday 16 August 2017 11:04
To: Thijs Stuurman <Thijs.Stuurman at internedservices.nl>
CC: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Vulnerability found on blocked port

Thank you for your answer.
Sorry for not being as clear as I wanted to.
I performed a scan on a server. This server is behind a firewall that blocks all ports except the 3 I am scanning, and blocks the ICMP protocol.
At the end of the scan, I checked the report, and in this report there is a vulnerability on ping flood in location "general/icmp".
As my firewall is supposed to block this protocol, how can OpenVAS find any vulnerability with this protocol?
I hope I'm clear enough this time!

2017-08-16 10:53 GMT+02:00 Thijs Stuurman <Thijs.Stuurman at internedservices.nl>:
Rémi,

Your question is not very clear to me but I will try to answer.
First of all, which vulnerability was found on the ICMP protocol? Detail your questions please.

Second, you cannot bypass the firewall … it's a firewall, it's doing what it is supposed to.
So either you find nothing, because of the firewall, and confirm your firewalling is OK.
Or you whitelist your scanner in the firewall and test the system regardless.



From: Openvas-discuss [mailto:openvas-discuss-bounces at wald.intevation.org] On behalf of Rémi Liquete
Sent: Wednesday 16 August 2017 10:46
To: openvas-discuss at wald.intevation.org
Subject: [Openvas-discuss] Vulnerability found on blocked port

Hello,
I've performed a scan on 3 TCP ports (lists en ports lists).
The firewall blocks the ICMP protocol as well.
The question is: is it normal that OpenVAS found a vulnerability on the ICMP protocol?
If this is normal, how can the scan bypass the firewall?
Regards,
Rémi.

