Mailing List Archive

Cisco "webvpn" being misclassified as printer
Hi there

I've noticed that our Cisco ASA and VPN3000 concentrators are being
classified as HP printers (rule 11936) by Nessus-3.2.1-es4. They are
being picked up as running Web servers and IPSec before 11936 triggers.

Anyway, the web server they run returns

HTTP/1.1 301 Moved Permanently
Server: Web Server
Location: https://XXXXXXX/webvpn.html
Content-Type: text/html
Content-Length: 100

<HEAD><TITLE>Moved</TITLE></HEAD><BODY><A
HREF="https://XXXXXXXX/webvpn.html">Moved</A></BODY>


There's not much to go on there, but perhaps the "webvpn.html" (which is
hardwired I think) could enable Nessus to choose a better OS?

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Cisco "webvpn" being misclassified as printer [ In reply to ]
On Sep 17, 2008, at 7:15 PM, Jason Haar wrote:

> I've noticed that our Cisco ASA and VPN3000 concentrators are being
> classified as HP printers (rule 11936) by Nessus-3.2.1-es4. They are
> being picked up as running Web servers and IPSec before 11936
> triggers.

Would you be able to send me privately a copy of the KB associated
with one of the devices and the report generated by Nessus?

George
--
theall@tenablesecurity.com



_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers