Vulnerability scanners

Hello Everyone!

We have a client who had a vulnerability test done, and the results were:

23/tcp - telnet
Unencrypted Telnet Server

0/tcp - general
IP Forwarding Enabled

53/udp - dns
DNS Server Cache Snooping Remote Information Disclosure

I do understand that port 23 (telnet) is on by default, as far as I can read in the Aruba hardening guide, but it will close the connection.

Is there any way to disable it? I know there is a checkbox to enable it, but as far as I remember it is not on... I guess when you enable it, it won't close the connections?? Anyway, I would like to know how to close it completely.

 

For the DNS Server Cache Snooping Remote Information Disclosure:

As I read in the hardening guide, it says:

"ArubaOS includes a “DNS responder” that listens on UDP port 53. Any query sent to this responder will result in a response that contains the controller’s IP address. Vulnerability scanners may report that this service responds to recursive queries, that it allows cache snooping, or that it enables traffic amplification attacks. It is important to note that this service is not an actual DNS server, and these warnings may be safely ignored."

So I guess I don't have to worry about that...

 

Now, IP Forwarding Enabled: what does this actually mean? Not sure what action to take here.

Any ideas?

This was just found on the guest SSIDs; the other one (the corporate SSID) had no issues.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Vulnerability scanners

Telnet can be enabled under Management > General. I set up a Telnet packet capture and see a SYN from my laptop and no response (SYN/ACK) from the controller. If that's the case, I'm not sure I understand how your vulnerability scanner would show the port as open.

 

As you stated, you shouldn't have to worry about the DNS responder. It's needed for captive portal on your guest network.

 

Regarding IP forwarding, do you have a default gateway on the controller for guest traffic?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
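The reply above turns on one detail: a scanner reports a TCP port as open as soon as it gets a SYN/ACK, so a service that completes the handshake and then immediately drops the connection still shows up as "open", while a port that never answers the SYN shows up as filtered. The Python script below is an added example, not code from the thread or from ArubaOS; it classifies a port the way a connect scan does and tells the two cases apart. The loopback server it starts is a constructed stand-in for a daemon that accepts and instantly closes, so the script runs offline; nothing here probes a real controller unless you pass its address to `classify_tcp_port`.

```python
import socket
import threading


def _accept_then_close(listener, accept_count):
    """Constructed stand-in for a service that accepts and immediately closes.
    The kernel still completes the 3-way handshake, so a scanner sees SYN/ACK."""
    for _ in range(accept_count):
        conn, _addr = listener.accept()
        conn.close()
    listener.close()


def start_accept_then_close_server(accept_count=4):
    """Bind a throwaway loopback port and return (host, port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    port = listener.getsockname()[1]
    threading.Thread(target=_accept_then_close, args=(listener, accept_count),
                     daemon=True).start()
    return "127.0.0.1", port


def find_closed_port():
    """Grab a free loopback port and release it, so nothing is listening on it."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def classify_tcp_port(host, port, timeout=2.0):
    """Classify a port the way a connect scan plus a short banner grab would:
      'closed'                  RST came back, nothing is listening
      'filtered'                no SYN/ACK and no RST within the timeout
      'open-closed-immediately' handshake completed, peer closed at once
      'open-silent'             handshake completed, peer sent nothing
      'open-banner'             handshake completed, peer sent data"""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        sock.close()
        return "closed"
    except OSError:                      # includes timeout: SYN unanswered
        sock.close()
        return "filtered"
    # Reaching here means SYN/ACK was received: a scanner already calls this open.
    try:
        data = sock.recv(64)
    except socket.timeout:
        return "open-silent"
    except ConnectionResetError:
        return "open-closed-immediately"
    finally:
        sock.close()
    if not data:                         # FIN right after the handshake
        return "open-closed-immediately"
    return "open-banner"


if __name__ == "__main__":
    host, port = start_accept_then_close_server()
    print("accept-then-close server:", classify_tcp_port(host, port))
    print("nothing listening:", classify_tcp_port("127.0.0.1", find_closed_port()))
```

If a capture shows no SYN/ACK at all, the right answer from this script is `filtered`, which matches the reply above and means the scanner result needs to be re-checked from the same network segment the scanner used (a guest VLAN and a management VLAN can see different things).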

Re: Vulnerability scanners

Please see open ports, explanations and how to block them here:  http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/37095/2/ArubaOS_Hardening_Guide_10302015.pdf



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Vulnerability scanners

Well, the captive portal is a VLAN that just exists in the controller, so it's the default gateway of the guest VLAN... I'm NATing everything with the IP address of the controller for guest.

 

Hey Colin, that's where I got the information I pasted there.. But it still doesn't answer the IP forwarding one :(

 

Cheers

Carlos


Re: Vulnerability scanners

The scanner has detected that your guest SSID can route traffic. Just as you said, the controller is the DG for guest. See nmap's description of this:
https://nmap.org/nsedoc/scripts/ip-forwarding.html
Guru Elite

Re: Vulnerability scanners

Any port that shows up on a scanner can be blocked using an ACL if the controller is configured correctly.

 

I will paste in a comment from one of our security guys - "I think it would be odd if the controller did NOT do IP forwarding... That rule is designed to detect hosts that are forwarding IP. It is not designed for networking boxes, which are supposed to do IP forwarding."

 

In other words, any automated scan requires an understanding of the tests, as well as of the configuration of the device being tested, to see if there is a genuine issue, a configuration issue, or something that needs to be explained further.

Colin Joseph
Aruba Customer Engineering


Re: Vulnerability scanners

Thank you for the answers, guys, really helpful!

 

Cheers

Carlos


Re: Vulnerability scanners

NP, Carlos.

I've often had to fight security, because out-of-the-box vulnerability scans aren't always accurate and don't always represent real threats. In this case, you can argue that none of the findings above are concerns.