
Arkoon Appliance Detection

Published: 26 Aug 2004. Reported by: Tenable. Type: nessus. Source: www.tenable.com

Detects whether a remote host is an Arkoon security appliance by checking that TCP ports 822, 1750 and 1751 are open and that port 822 returns an SSF SSH banner.

Refs
Source: arkoon, Link: www.arkoon.net/

Code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(14377);
 script_version("1.9");
 script_cvs_date("Date: 2019/09/25  9:17:09");

 script_name(english:"Arkoon Appliance Detection");
 script_summary(english:"Determines if the remote host is an Arkoon");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is a firewall." );
 script_set_attribute(attribute:"description", value:
"The remote host has the three TCP ports 822, 1750, 1751
open.

It's very likely that this host is an Arkoon security dedicated
appliance with ports

 TCP/822  dedicated to ssh service
 TCP/1750 dedicated to Arkoon Manager
 TCP/1751 dedicated to Arkoon Monitoring

Letting attackers know that you are using an Arkoon 
appliance will help them to focus their attack or will 
make them change their strategy. 

You should not let them know such information." );
 script_set_attribute(attribute:"see_also", value:"http://www.arkoon.net/" );
 script_set_attribute(attribute:"solution", value:
"Do not allow any connection on the firewall itself, except 
for the firewall protocol, and allow that for trusted 
sources only.

If you have a router which performs packet filtering, then 
add ACL that disallows the connection to these ports for 
unauthorized systems.");
 script_set_attribute(attribute:"risk_factor", value:"Low");

 script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/26");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"x-cpe:/h:arkoon:firewall");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Firewalls");

 script_require_ports(822,1750,1751,1752);
 exit(0);
}

#
# The script code starts here
#

if((get_port_state(822))&&
   (get_port_state(1750))&&
   (get_port_state(1751)))
{
 
 soc1 = open_sock_tcp(822);
 if(!soc1)exit(0);
 banner = recv_line(socket:soc1, length:1024);
 close(soc1);
 #SSH-1.5-SSF
 if (!(egrep(pattern:"SSH-[0-9.]+-SSF",string:banner)))
 exit(0);
 
 soc2 = open_sock_tcp(1750);
 if(!soc2)exit(0);
 close(soc2);

 soc3 = open_sock_tcp(1751);
 if(!soc3)exit(0);
 close(soc3);
 
 # post the warning on every port
 security_note(0);
}
exit(0);
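
A defender-side counterpart to the plugin's solution text, added here as an example (not Tenable's code): it scans firewall connection logs for untrusted sources that completed connections to all three ports the plugin probes, which means the appliance is identifiable from that network position. The log format, the trusted management subnet, the 60-second window and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Ports the plugin probes: SSH (822), Arkoon Manager (1750), Arkoon Monitoring (1751).
FINGERPRINT_PORTS = {822, 1750, 1751}
TRUSTED_SOURCES = [ip_network("10.0.5.0/28")]  # assumption: management stations
WINDOW = timedelta(seconds=60)                 # assumption: probe correlation window

# Constructed log format (assumption): "<ISO time> <ACCEPT|DROP> src= dst= dport="
LINE_RE = re.compile(r"^(\S+) (ACCEPT|DROP) src=(\S+) dst=(\S+) dport=(\d+)$")

SAMPLE_LOG = """\
2024-05-01T10:00:01 ACCEPT src=10.0.5.3 dst=192.0.2.1 dport=822
2024-05-01T10:00:02 ACCEPT src=10.0.5.3 dst=192.0.2.1 dport=1750
2024-05-01T10:00:03 ACCEPT src=10.0.5.3 dst=192.0.2.1 dport=1751
2024-05-01T11:15:10 ACCEPT src=203.0.113.7 dst=192.0.2.1 dport=822
2024-05-01T11:15:11 ACCEPT src=203.0.113.7 dst=192.0.2.1 dport=1750
2024-05-01T11:15:12 ACCEPT src=203.0.113.7 dst=192.0.2.1 dport=1751
2024-05-01T12:00:00 ACCEPT src=198.51.100.20 dst=192.0.2.1 dport=822
2024-05-01T12:00:30 ACCEPT src=198.51.100.20 dst=192.0.2.1 dport=1750
2024-05-01T12:05:00 ACCEPT src=198.51.100.20 dst=192.0.2.1 dport=1751
2024-05-01T13:00:00 DROP src=203.0.113.50 dst=192.0.2.1 dport=822
2024-05-01T13:00:01 DROP src=203.0.113.50 dst=192.0.2.1 dport=1750
2024-05-01T13:00:02 DROP src=203.0.113.50 dst=192.0.2.1 dport=1751
"""

def is_trusted(src):
    addr = ip_address(src)
    return any(addr in net for net in TRUSTED_SOURCES)

def find_fingerprinting(log_text):
    """Return sorted (src, dst) pairs where an untrusted source had accepted
    connections to every fingerprint port within WINDOW."""
    hits = defaultdict(list)  # (src, dst) -> [(time, port)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, action, src, dst, dport = m.groups()
        if action != "ACCEPT" or int(dport) not in FINGERPRINT_PORTS or is_trusted(src):
            continue  # dropped probes and trusted managers are the desired state
        hits[(src, dst)].append((datetime.fromisoformat(ts), int(dport)))
    flagged = []
    for key, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            if {p for t, p in events[i:] if t - start <= WINDOW} == FINGERPRINT_PORTS:
                flagged.append(key)
                break
    return sorted(flagged)
```

Any pair this returns points at a filtering rule that still accepts connections to the appliance itself from outside the trusted sources.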

25 Sep 2019 00:00 (current version). Vulners AI Score: 5.5, Medium risk.