Discussion:
Port 9999 OpenVAS scan
(too old to reply)
Andreas Roed
2018-02-12 12:19:18 UTC
Permalink
Hi,

I had opened for port 9999 by mistake and openvas found it. The service running on it is the stats module of PF (Packet Filter) on my OpenBSD

Br
Andreas
Christian Fischer
2018-02-13 16:12:38 UTC
Permalink
Hi,
Post by Andreas Roed
I had opened for port 9999 by mistake and openvas found it. The service running on it is the stats module of PF (Packet Filter) on my OpenBSD
could you provide some more context for this post like:

1. Whats the reason for your post?
2. What outcome are you expecting?
3. Any additional information you would like provide?

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Christian Fischer
2018-02-14 06:31:58 UTC
Permalink
Hi,
I am new to OpenVAS and wanted to try it out. When I did a scan of my OpenBSD router, it found my pfstat running. OpenVAS didn’t know what it was and asked me to send the status to this email.
thanks for your reply. There are two NVTs concerning services which are
asking to providing info to this mailinglist:

Report banner of unknown services, OID: 1.3.6.1.4.1.25623.1.0.11154
OS Detection Consolidation and Reporting, OID: 1.3.6.1.4.1.25623.1.0.105937

As you havn't provided the log message of those it wasn't really clear
from your post that you would like to report such an unknown service.

Any chances to provide the info in witch context OpenVAS asked you to
send the status to this mailinglist and the output of this?

Thanks again,

Regards
Post by Christian Fischer
Hi,
Post by Andreas Roed
I had opened for port 9999 by mistake and openvas found it. The service running on it is the stats module of PF (Packet Filter) on my OpenBSD
1. Whats the reason for your post?
2. What outcome are you expecting?
3. Any additional information you would like provide?
Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Christian Fischer
2018-02-16 13:12:02 UTC
Permalink
Hi,
Its the first one with the banner. I would rather not send the banner, as it is actually a bunch of information about my interfaces and statistics on data.
i hope that is okay.
unfortunately that won't help us that much as no service detection can
be implemented without knowing the data the service returns. And even if
we setup an OpenBSD its not sure if we got the same setup like yours.

Maybe you could anonymize the output or only partly paste the data of
the banner in here without sensitive data?

As an alternative you could also search on public search engines like
https://www.shodan.io/ or https://censys.io/ipv4 for some pattern and
provide such a system here which is similar to yours.

Regards,
Br
Andreas
Post by Christian Fischer
Hi,
I am new to OpenVAS and wanted to try it out. When I did a scan of my OpenBSD router, it found my pfstat running. OpenVAS didn’t know what it was and asked me to send the status to this email.
thanks for your reply. There are two NVTs concerning services which are
Report banner of unknown services, OID: 1.3.6.1.4.1.25623.1.0.11154
OS Detection Consolidation and Reporting, OID: 1.3.6.1.4.1.25623.1.0.105937
As you havn't provided the log message of those it wasn't really clear
from your post that you would like to report such an unknown service.
Any chances to provide the info in witch context OpenVAS asked you to
send the status to this mailinglist and the output of this?
Thanks again,
Regards
Post by Christian Fischer
Hi,
Post by Andreas Roed
I had opened for port 9999 by mistake and openvas found it. The service running on it is the stats module of PF (Packet Filter) on my OpenBSD
1. Whats the reason for your post?
2. What outcome are you expecting?
3. Any additional information you would like provide?
Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Christian Fischer
2018-05-04 12:01:35 UTC
Permalink
Hi,

i had a chance to get a hand on a OpenBSD 6.3 system and implemented a
detection for this pfstatd service. With the next feed update the
following NVT should be able to detect that service as long it isn't
responding with something completely different on your system:

Name: Service Detection with 'GET' Request
OID: 1.3.6.1.4.1.25623.1.0.17975

Regards,
Post by Christian Fischer
Hi,
Its the first one with the banner. I would rather not send the banner, as it is actually a bunch of information about my interfaces and statistics on data.
i hope that is okay.
unfortunately that won't help us that much as no service detection can
be implemented without knowing the data the service returns. And even if
we setup an OpenBSD its not sure if we got the same setup like yours.
Maybe you could anonymize the output or only partly paste the data of
the banner in here without sensitive data?
As an alternative you could also search on public search engines like
https://www.shodan.io/ or https://censys.io/ipv4 for some pattern and
provide such a system here which is similar to yours.
Regards,
Br
Andreas
Post by Christian Fischer
Hi,
I am new to OpenVAS and wanted to try it out. When I did a scan of my OpenBSD router, it found my pfstat running. OpenVAS didn’t know what it was and asked me to send the status to this email.
thanks for your reply. There are two NVTs concerning services which are
Report banner of unknown services, OID: 1.3.6.1.4.1.25623.1.0.11154
OS Detection Consolidation and Reporting, OID: 1.3.6.1.4.1.25623.1.0.105937
As you havn't provided the log message of those it wasn't really clear
from your post that you would like to report such an unknown service.
Any chances to provide the info in witch context OpenVAS asked you to
send the status to this mailinglist and the output of this?
Thanks again,
Regards
Post by Christian Fischer
Hi,
Post by Andreas Roed
I had opened for port 9999 by mistake and openvas found it. The service running on it is the stats module of PF (Packet Filter) on my OpenBSD
1. Whats the reason for your post?
2. What outcome are you expecting?
3. Any additional information you would like provide?
Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Loading...