arkoon.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
#
# This script is released under the GNU GPLv2

if(description)
{
 script_id(14377);
 script_version ("$Revision: 38 $");
 name["english"] = "Arkoon identification";
 name["francais"] = "Identification de Arkoon";
 
 script_name(english:name["english"], francais:name["francais"]);
 
 desc["english"] = "
The remote host has the three TCP ports 822, 1750, 1751
open.

It's very likely that this host is an Arkoon security dedicated
appliance with ports

 TCP/822  dedicated to ssh service
 TCP/1750 dedicated to Arkoon Manager
 TCP/1751 dedicated to Arkoon Monitoring

Letting attackers know that you are using an Arkoon 
appliance will help them to focus their attack or will 
make them change their strategy. 

You should not let them know such information.

Solution : do not allow any connection on the
firewall itself, except for the firewall 
protocol, and allow that for trusted sources
only.

If you have a router which performs packet 
filtering, then add ACL that disallows the
connection to these ports for unauthorized
systems.

See also : http://www.arkoon.net
Risk factor : Low";


 desc["francais"] = "
Le syst鑝e distant a les trois ports TCP 
822, 1750 et 1751 ouverts.

Il est tr鑣 probable que ce syst鑝e soit en
fait une appliance Arkoon d閐i