[unisog] Remote detection of vulnerable OpenSSL versions (fwd)

Russell Fulton r.fulton at auckland.ac.nz
Wed Sep 18 20:02:54 GMT 2002

On Thu, 2002-09-19 at 04:50, Anderson Johnston wrote:
> I'm sure these guys know what they are doing, but I hesitate to detect
> buffer overflow conditions by causing buffer overflows - even little ones.
> Has anyone more courageous than I tried this?

After a little testing on machines with known configurations I did an
nmap scan of the whole /16 for 443,993 and 995 and ran this tool against
everything that responded.  Worked just great, no complaints from
anyone.  And it found several systems that I had missed in my port 80

BTW, for testing SPOP and SIMAP, don't use the -P or -I flags; just give
the port number.

It turned up a lot of Windows boxes that are listening on 443 but not
responding to SSL negotiations.  I have yet to investigate this.  There
were also a few boxes with 'real' certs (signed by well known CAs) that
return X.509 errors of some sort.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin
