Hi,
I don't know about those ports on the VPN concentrators but
if you don't know whether it's a false alarm and don't have access
to the system either, best is to use tcpdump/(t)ethereal while you
netcat/telnet to the port. If you get no TCP packet back the it's
very likely a false positive.
Cheers,
Dirk
Rick Zhong wrote:
Hi,
I was carrying out a pen-test on a Cisco VPN Concentrator (3000),
nessus 3.0 scan discovered a number of mail-related ports such as SMTP
at 988, imaps at 993 and https at 443. I try to telnet to the port
988 to verify but cannot get anything even a banner.
Initially i considered this as false positive, but after some search
on google, it seems Cisco VPN Concentrator do has some smtp proxy at
port 988 and imaps services. I cannot find any other traces of these
smtp ports besides the nessus report.
Is there anyone has more information on these smtp proxy services on
Cisco VPN concentrator (3000)? Any known security issues with these
services on? Thanks.
regards,
Rick Zhong
www.sinfosec.org
www.security.org.sg
--
Dirk Wetter, Dr. Wetter IT-Consulting
IT-Security + Open Source http://drwetter.org
Key fingerprint = 2AD6 BE0F 9863 C82D 21B3 64E5 C967 34D8 11B7 C62F
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
