Hi everybody, today I had a few crazy nessus results. I did a securityscan on my machine and nessus found a security hole in isakmp service. It says The remote IPSEC server seems to have a problem negotiating bogus IKE requests. An attacker may use this flaw to disable your VPN remotely Solution: Contact your vendor for a patch Risk factor: High Protocol UDP Port 500 At the last nessus scan at about the 11th April, no security whole was found. In both cases I updated the nessus db with nessus-update-plugins before i started the scan. My real problem is, that I'm absolutely sure, that no IPSEC server is running on my system. To check this result, I installed SuSE 7.2 in a minimal configuration with absolut no network services running on another computer and also made a nessus scan. Again I get a security hole in isakmp. Then I started an nmap scan wit h the option sU, and nmap didn't find an open udp port. Is it a bug in the nessus attack-script or is there a "hidden" directive in SuSE 7.2 that i didn't find or has someone similiary "problems" and knows a solution? My nessusd version is 1.0.9 Thanks a lot in advance Konrad
Hi, the plugin which generated this warning is know to generate false positive, says Renaud Deraison (Nessus Developer). Unfortunately there's no info about that on the Nessus-Homepage. Konrad ----- Original Message ----- From: "Konrad Klein" <kklein@ibe.med.uni-muenchen.de> To: <suse-security@suse.com> Sent: Wednesday, April 24, 2002 5:13 PM Subject: [suse-security] Can't understand nessus result
Hi everybody,
today I had a few crazy nessus results. I did a securityscan on my machine and nessus found a security hole in isakmp service. It says
The remote IPSEC server seems to have a problem negotiating bogus IKE requests.
An attacker may use this flaw to disable your VPN remotely
Solution: Contact your vendor for a patch Risk factor: High
Protocol UDP Port 500
At the last nessus scan at about the 11th April, no security whole was found. In both cases I updated the nessus db with nessus-update-plugins before i started the scan.
My real problem is, that I'm absolutely sure, that no IPSEC server is running on my system.
To check this result, I installed SuSE 7.2 in a minimal configuration with absolut no network services running on another computer and also made a nessus scan. Again I get a security hole in isakmp.
Then I started an nmap scan wit h the option sU, and nmap didn't find an open udp port.
Is it a bug in the nessus attack-script or is there a "hidden" directive in SuSE 7.2 that i didn't find or has someone similiary "problems" and knows a solution?
My nessusd version is 1.0.9
Thanks a lot in advance
Konrad
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (1)
-
Konrad Klein