Mark Senior
2018-03-16 23:11:14 UTC
Hello
I have encountered an ID: 1.3.6.1.4.1.25623.1.0.11154 result that I can confirm.
Locally, this information is available:
C:\Windows\system32>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
(...)
TCP 0.0.0.0:8083 0.0.0.0:0 LISTENING 9648
TCP 0.0.0.0:9099 0.0.0.0:0 LISTENING 9648
C:\Windows\system32>wmic process get ProcessID,Name,ExecutablePath
ExecutablePath Name ProcessId
(...)
C:\Program Files (x86)\Eyelock Corporation\MyrisSDK\bin\MyrisService.exe MyrisService.exe 9648
The service is related to iris scanners: https://www.eyelock.com/index.php/products/myris
This result was observed on port 8083/TCP:
Method: get_http
0x00: 55 6E 6B 6E 6F 77 6E 20 6D 65 73 73 61 67 65 Unknown message
The same process is also running an unidentified SSL-wrapped service on port 9099. It apparently doesn't use a certificate; only anonymous cipher suites were supported. OID 1.3.6.1.4.1.25623.1.0.900234 reported the following:
No 'Strong' cipher suites accepted by this service via the SSLv3 protocol.
'Medium' cipher suites accepted by this service via the SSLv3 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
'Weak' cipher suites accepted by this service via the SSLv3 protocol:
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Null' cipher suites accepted by this service via the SSLv3 protocol.
'Anonymous' cipher suites accepted by this service via the SSLv3 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Strong' cipher suites accepted by this service via the TLSv1.0 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Null' cipher suites accepted by this service via the TLSv1.0 protocol.
'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Strong' cipher suites accepted by this service via the TLSv1.1 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Null' cipher suites accepted by this service via the TLSv1.1 protocol.
'Anonymous' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Strong' cipher suites accepted by this service via the TLSv1.2 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.
'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
Thank you
Mark Senior
Senior Security Analyst, Information Risk Management
Alberta Health Services (Edmonton)
21st floor, 10004 - 104 Avenue Edmonton AB T5J 0K1
***@albertahealthservices.ca
Phone 780-809-8761
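
Added example, not part of the original message or of the scanner: a small Python parser for the cipher report format quoted above that checks, per protocol, whether every accepted suite is anonymous (no server certificate is used in the handshake, so the client cannot authenticate the service). The function names and the LEGACY set are assumptions of this example; the sample input is the TLSv1.2 section from the message.

```python
import re

# Sample input: the TLSv1.2 section of the scanner report quoted in the message above.
REPORT = """\
No 'Strong' cipher suites accepted by this service via the TLSv1.2 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDH_anon_WITH_RC4_128_SHA
No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.
'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
"""

HEADER = re.compile(r"^(No )?'\w+' cipher suites accepted by this service via the (\S+) protocol[.:]$")
SUITE = re.compile(r"^(?:TLS|SSL)_[A-Za-z0-9_]+$")
LEGACY = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}  # protocol versions deprecated by the IETF

def accepted_suites(text):
    """Return {protocol: set of every suite the report lists as accepted}."""
    suites, proto = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            suites.setdefault(m.group(2), set())
            proto = None if m.group(1) else m.group(2)  # "No ..." lines open no list
        elif proto and SUITE.match(line):
            suites[proto].add(line)
    return suites

def assess(text):
    """Per protocol: is the service ever authenticated, and what else is weak?"""
    out = {}
    for proto, suites in accepted_suites(text).items():
        anon = {s for s in suites if "_anon_" in s}
        out[proto] = {
            "accepted": len(suites),
            "anonymous_only": bool(suites) and suites == anon,
            "legacy_protocol": proto in LEGACY,
            "rc4_or_3des": sorted(s for s in suites if "RC4" in s or "3DES" in s),
        }
    return out

print(assess(REPORT))
```

An `anonymous_only` result of True for every protocol in a report supports the inference that the listener has no certificate configured at all.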