[unisog] Remote detection of vulnerable OpenSSL versions (fwd)

Russell Fulton r.fulton at auckland.ac.nz
Wed Sep 18 20:02:54 GMT 2002


On Thu, 2002-09-19 at 04:50, Anderson Johnston wrote:
> 
> I'm sure these guys know what they are doing, but I hesitate to detect
> buffer overflow conditions by causing buffer overflows - even little ones.
> Has anyone more courageous than I tried this?
> 

After a little testing on machines with known configurations I did an
nmap scan of the whole /16 for 443, 993 and 995 and ran this tool against
everything that responded.  Worked just great, no complaints from
anyone.  And it found several systems that I had missed in my port 80
probes.

BTW, for testing SPOP and SIMAP, don't use the -P or -I flags; just give
the port number.

It turned up a lot of Windows boxes that are listening on 443 but not
responding to SSL negotiations.  I have yet to investigate this.  There
were also a few boxes with 'real' certs (signed by well-known CAs) that
return X.509 errors of some sort.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin


