Vulnerability Test Report

IP Scan
Contents
Details about the Sophos Firewall .............................................. 3
Operating system of the Sophos firewall ....................................... 3
Access Control Enumeration ..................................................... 4
DNS Hostnames ................................................................. 5
Common Platform Enumeration (CPE) .............................................. 6
Device Type Connected to the Sophos .............................................. 7
HSTS Missing From HTTPS Server ................................................... 8
OS Security Patch Assessment Not Available ...................................... 15
Banner Grabbing- SSH Algorithms and Languages Supported ......................... 16
SSH Protocol Versions Supported ................................................. 17
SSH Server Type and Version Information ......................................... 18
SSL Certificate Chain Contains Certificates Expiring Soon ....................... 21
83298 - SSL Certificate Chain Contains Certificates Expiring Soon ............... 21
SSL Certificate Expiry - Future Expiry .......................................... 22
42981 - SSL Certificate Expiry - Future Expiry .................................. 23
Session Initiation Protocol Detection ........................................... 30
96281 - Sophos XG Firewall Detection ............................................ 31
Sophos XG Firewall Detection .................................................... 32
42822 - Strict Transport Security (STS) Detection ............................... 32
This test is done remotely on the main IP//200.7.217.224/29

Details about the Sophos Firewall

Operating system of the Sophos firewall

Vulnerabilities Tested and synopsis remarks

Scan Information

200.7.217.226 3
Access Control Enumeration

- Second, the certificate chain may contain a certificate that is not valid at the
time of the scan. This can occur either when the scan occurs before one of the
certificate's 'notBefore' dates, or after one of the certificate's 'notAfter'
dates.

- Third, the certificate chain may contain a signature that either didn't match
the certificate's information or could not be verified. Bad signatures can be

200.7.217.226 4
fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's
issuer using a signing algorithm that Nessus either does not support or does not

recognize.

If the remote host is a public host in production, any break in the chain makes
it more difficult for users to verify the authenticity and identity of the web
server. This could make it easier to carry out man-in-themiddle attacks against
the remote host.
Solution

Purchase or generate a proper SSL certificate for this service.

Risk Factor

Medium

CVSS v3.0 Base Score

DNS Hostnames
Synopsis

I was able to detected potential virtual hosts.

Description

Hostnames different from the current hostname have been collected by miscellaneous
plugins. I generated a list of hostnames that point to the remote host. Note that
these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.

Solution

If you want to test them, re-scan using the special vhost syntax, such as:

www.example.com [192.0.32.10]

200.7.217.226 5
Risk Factor

None

Plugin Output

tcp/0

The following hostnames point to the remote host :

- metaltronic.3cx.ec

Common Platform Enumeration (CPE)

Synopsis

It was possible to enumerate CPE names that matched on the remote system.

Description

By using information obtained from scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin
computes the best possible CPE based on the information available from the scan.

Solution

n/a

Risk Factor

None

Plugin Output

200.7.217.226 6
tcp/0

The remote operating system matched the following CPE

:
cpe:/o:sophos:xg_firewall_firmware:2 -> Sophos XG Firewall
Firmware Following application CPE's matched on the remote system :
cpe:/a:nginx:nginx -> Nginx
cpe:/a:openbsd:openssh:8.1 -> OpenBSD OpenSSH

Device Type Connected to the Sophos

Synopsis

It is possible to guess the remote device type.

Description

Based on the remote operating system, it is possible to determine what the remote
system type is (eg: a printer, router, general-purpose computer, etc).

Solution

n/a

Risk Factor

None

Plugin Output

tcp/0

Remote device type : unknown

Confidence level : 56

200.7.217.226 7
HSTS Missing From HTTPS Server

Synopsis

The remote web server is not enforcing HSTS.

Description

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS).
HSTS is an optional response header that can be configured on the server to
instruct the browser to only communicate via HTTPS. The lack of HSTS allows
downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-
hijacking protections.

Solution

Configure the remote web server to use HSTS.

Risk Factor

None

Plugin Information

Plugin Output

tcp/5001/www

The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
This plugin attempts to determine the type and the version of the remote web
server.

Solution

n/a

Risk Factor

None

200.7.217.226 8
 <h1>Found</h1> <p>The document has moved <a
href="https://200.7.217.226:4444/webconsole/webpages/login.jsp">here</ a>.</p>
</body></html>

Plugin Output

tcp/1024/www

The remote web server type is :

xxxx
This plugin attempts to determine the type and the version of the remote web
server.

Solution

n/a

This test gives some information about the remote HTTP protocol - the version
used, whether HTTP KeepAlive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.

Solution

Risk Factor

None

Plugin Output

tcp/4444/www

200.7.217.226 9
This test is informational only and does not denote any security problem.

Solution

Response Code : HTTP/1.1 302 Found

Protocol version : HTTP/1.1

SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Tue, 15 Mar 2022 05:19:21
GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN Strict-Transport-
Security: max-age=31536000
X-Content-Type-Options: nosniff Location:
https://200.7.217.226:4444/webconsole/webpages/login.jsp
Cache-Control: max-age=2592000
Expires: Thu, 14 Apr 2022 05:19:21 GMT
Content-Length: 240
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response
Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
2.0//EN">
<html><head> <title>302
Found</title>
</head><body>

n/a

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1

SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: nginx
Date: Tue, 15 Mar 2022 05:36:44 GMT Content-
Type: application/octet-stream
Content-Length: 228
Connection: keep-alive Content-
Type: text/html
Response
Body :
<html><body><h1>Unfortunately, you are using an outdated and unsupported browser.<br>Please
upgrade your browser to improve your experience and security.<br>Supported browsers: Chrome,
Edge, Safari or Firefox.</h1></body></html>

Risk Factor

None

200.7.217.226 10
Plugin Information

Published: 2007/01/30, Modified: 2019/11/22

Plugin Output

tcp/5001/www

200.7.217.226 11
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even
against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against
broken services, but they might cause problems for less robust firewalls and also
leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Output

tcp/22/ssh

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information

Published: 2009/02/04, Modified: 2022/02/14

Plugin Output

tcp/5001/www

Port 5001/tcp was found to be open

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even
against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against
broken services, but they might cause problems for less robust firewalls and also
leave unclosed connections on the remote target, if the network is loaded.

200.7.217.226 12
Port Scanning

Synopsis

It is possible to determine which TCP ports are open.

Description

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information

Plugin Output

tcp/8443

Port 8443/tcp was found to be open

200.7.217.226 13
 OS Identification
Synopsis

It is possible to guess the remote operating system.

Description

Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.),
it is possible to guess the name of the remote operating system in use. It is
also possible sometimes to guess the version of the operating system.

Solution

n/a

Risk Factor

None

Plugin Information

Plugin Output

tcp/0

Remote operating system : Linux Kernel

Confidence level : 56
Method : MLSinFP
Not all fingerprints could give a match. If you think some or all
of the following could be used to identify the host's operating
system, please email them to os-signatures@nessus.org. Be sure to
include a brief description of the host itself, such as the actual
operating system or product / model names.
SSH:!:SSH-2.0-OpenSSH_8.1
HTTP:!:Server: nginx
SSLcert:!:i/CN:Sophos_CA_C01001YKGG93WBFi/O:Inforc
Ecuadori/OU:OUs/CN:Metaltronics/O:Metaltronics/
OU:OU
6e681e0918de4892347bce2f9e47dfee8449856a
i/CN:Sophos_CA_C01001YKGG93WBFi/O:Inforc Ecuadori/OU:OUs/CN:Metaltronics/O:Metaltronics/OU:OU
6e681e0918de4892347bce2f9e47dfee8449856a

SinFP:!:
P1:B10113:F0x12:W29200:O0204ffff:M1412:
P2:B10113:F0x12:W29200:O0204ffff0101040201030307:M1412:
P3:B00000:F0x00:W0:O0:M0
P4:190101_7_p=22R

The remote host is running Linux Kernel

200.7.217.226 14
200.7.217.226 30
OS Security Patch Assessment Not Available

Synopsis

OS Security Patch Assessment is not available.

Description

OS Security Patch Assessment is not available on the remote host.

This does not necessarily indicate a problem with the scan.
Credentials may not have been provided, OS security patch assessment may not be
supported for the target, the target may not have been identified, or another issue
may have occurred that prevented OS security patch assessment from being available.
See plugin output for details.

This plugin reports non-failure information impacting the availability of OS

Security Patch Assessment. Failure information is reported by plugin 21745 : 'OS
Security Patch Assessment failed'. If a target host is not supported for OS
Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks Not
Supported' will report concurrently with this plugin.

Solution

n/a

Risk Factor

None

References

XREF IAVB:0001-B-0515

Plugin Information

Plugin Output

tcp/0

The following issues were reported

:
- Plugin :
no_local_checks_credentials.nasl Message
:
Credentials were not provided for detected SSH service.
 Banner Grabbing- SSH Algorithms and Languages Supported

Synopsis

An SSH server is listening on this port.

Description

This script detects which algorithms and languages are supported by the remote
service for encrypting communications.

Solution

n/a

Risk Factor

None

Plugin Information

Plugin Output

tcp/22/ssh

The server supports the following options for kex_algorithms :

curve25519-sha256@libssh.org diffie-hellman-group-exchange-
sha256 The server supports the following options for
server_host_key_algorithms :
ssh-ed25519 ssh-rsa The server supports the following options for
encryption_algorithms_client_to_server :
aes128-ctr
aes128-gcm@openssh.com aes192-ctr aes256-ctr aes256-gcm@openssh.com
chacha20-poly1305@openssh.com The server supports the following options for
encryption_algorithms_server_to_client : aes128-ctr
aes128-
gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com chacha20-poly1305@openssh.com

200.7.217.226 16
 The server supports the following options for mac_algorithms_client_to_server :
hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-
etm@openssh.com umac-128-etm@openssh.com The server supports the following options
for mac_algorithms_server_to_client : hmac-sha2-256 hmac-sha2-256-etm@openssh.com
hmac-sha2-512 hmac-sha2-512-etm@openssh.com umac-128-etm@openssh.com The server
supports the following options for compression_algorithms_client_to_server : none
zlib@openssh.com The server supports the following options for
compression_algorithms_server_to_client : none zlib@openssh.com

SSH Password Authentication

Accepted
Synopsis

The SSH server on the remote host accepts password authentication.

Description

The SSH server on the remote host accepts password authentication.

Solution

n/a

Risk Factor

None

Plugin Output

tcp/22/ssh
SSH Protocol Versions Supported

Synopsis

A SSH server is running on the remote host.

Description

200.7.217.226 17
This plugin determines the versions of the SSH protocol supported by the
remote SSH daemon.

Solution

n/a

Risk Factor

None

Plugin Information

Firewalking- TLS Versions Supported

Synopsis

The remote service encrypts communications.

Description

Plugin Output

tcp/22/ssh

The remote SSH daemon supports the following versions of the SSH protocol :

- 1.99
- 2.0
SSH Server Type and Version Information

Synopsis

An SSH server is listening on this port.

Description

It is possible to obtain information about the remote SSH server by sending

an empty authentication request.

Solution

n/a

200.7.217.226 18
Risk Factor

None

References

XREF IAVT:0001-T-0933

Plugin Information

Plugin Output

tcp/22/ssh

SSH version : SSH-2.0-OpenSSH_8.1

SSH supported authentication : publickey,password,keyboard-interactive
This plugin detects which SSL and TLS versions are supported by the remote
service for encrypting communications.

Solution

n/a

Risk Factor

None

Plugin Information

Plugin Output

tcp/1024/www

This port supports

Risk Factor

None

Plugin Information

Plugin Output

200.7.217.226 19
tcp/5001/www

This port supports

TLSv1.2.

200.7.217.226 20
 SSL Certificate Chain Contains Certificates Expiring Soon

Synopsis

The remote host has an SSL certificate chain with one or more certificates
that are going to expire soon.

Description

The remote host has an SSL certificate chain with one or more SSL certificates
that are going to expire soon. Failure to renew these certificates before the
expiration date may result in denial of service for users.

Solution

Renew any soon to expire SSL certificates.

Risk Factor

None

Plugin Information

The following soon to expire certificate was part of the

certificate chain sent by the remote host :
|-Subject : C=EC/ST=Pichincha/L=Quito/O=Metaltronic/OU=OU/CN=Metaltronic/
E=ivan.campos@metaltronic.com.ec
|-Not After : Mar 16 12:00:00 2022 GMT

Plugin Output

tcp/1024/www
83298 - SSL Certificate Chain Contains Certificates Expiring Soon

Synopsis

The remote host has an SSL certificate chain with one or more certificates
that are going to expire soon.

Description

200.7.217.226 21
The remote host has an SSL certificate chain with one or more SSL certificates
that are going to expire soon. Failure to renew these certificates before the
expiration date may result in denial of service for users.

Solution

Renew any soon to expire SSL certificates.

Risk Factor

None

Plugin Information

Plugin Output

tcp/4444/www
SSL Certificate Expiry - Future Expiry

Synopsis

The SSL certificate associated with the remote service will expire soon.

The following soon to expire certificate was part of the

certificate chain sent by the remote host :
|-Subject : C=EC/ST=Pichincha/L=Quito/O=Metaltronic/OU=OU/CN=Metaltronic/
E=ivan.campos@metaltronic.com.ec
|-Not After : Mar 16 12:00:00 2022 GMT

Description

The SSL certificate associated with the remote service will expire soon.

Solution

Purchase or generate a new SSL certificate in the near future to replace the
existing one.

Risk Factor

None

200.7.217.226 22
Plugin Information

Plugin Output

tcp/1024/www

The SSL certificate will expire within 60 days, at

Mar 16 12:00:00 2022 GMT :
Subject : C=EC, ST=Pichincha, L=Quito, O=Metaltronic, OU=OU,
CN=Metaltronic, emailAddress=ivan.campos@metaltronic.com.ec Issuer :
C=EC, ST=Pichincha, L=Quito, O=Inforc Ecuador, OU=OU,
CN=Sophos_CA_C01001YKGG93WBF, emailAddress=asalazar@inforc.ec
Not valid before : Mar 16 00:00:00 2021 GMT
Not valid after : Mar 16 12:00:00 2022 GMT

42981 - SSL Certificate Expiry - Future Expiry

Synopsis

The SSL certificate associated with the remote service will expire soon.

Description

The SSL certificate associated with the remote service will expire soon.

Solution

Purchase or generate a new SSL certificate in the near future to replace the
existing one.

Risk Factor

None

Plugin Information

Plugin Output

tcp/4444/www

The SSL certificate will expire within 60

days, at Mar 16 12:00:00 2022 GMT :
Subject : C=EC, ST=Pichincha, L=Quito, O=Metaltronic, OU=OU,
CN=Metaltronic, emailAddress=ivan.campos@metaltronic.com.ec Issuer
: C=EC, ST=Pichincha, L=Quito, O=Inforc Ecuador, OU=OU,
CN=Sophos_CA_C01001YKGG93WBF, emailAddress=asalazar@inforc.ec
Not valid before : Mar 16 00:00:00 2021 GMT

200.7.217.226 23
 Not valid after : Mar 16 12:00:00 2022 GMT

SSL Certificate Information

Synopsis

This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and
dump the X.509 certificate.

Solution

n/a

Risk Factor

Subject Name:

Country: EC
State/Province: Pichincha
Locality: Quito
Organization: Metaltronic
Organization Unit: OU
Common Name: Metaltronic
Email Address: ivan.campos@metaltronic.com.ec
Issuer
Name:

Country: EC
State/Province: Pichincha
Locality: Quito
Organization: Inforc Ecuador
Organization Unit: OU
Common Name: Sophos_CA_C01001YKGG93WBF
Email Address: asalazar@inforc.ec

Serial Number: 36

Version: 3
Signature Algorithm: SHA-256 With RSA
Encryption

Not Valid Before: Mar 16 00:00:00 2021 GMT

Not Valid After: Mar 16 12:00:00 2022 GMT
Public Key
Info:

200.7.217.226 24
 Algorithm: RSA Encryption

None

Plugin Information

Plugin Output

tcp/1024/www

Key Length: 2048 bits

Public Key: 00 BA 96 49 BE C7 A0 18 03 43 18 03 0E 77 1E A6 20 75 57 24
E5 DB 9F 9F 23 BF 6B 41 DD 85 AF 78 D3 98 83 C1 0A 7A C4 17
56 7E F8 12 C6 9C 6C 90 20 99 8B C9 41 C2 B8 AA 86 81 EA 7A
43 D4 AE 0F 55 25 1E 61 51 F1 16 1D B7 B1 75 F7 18 73 8B 90
1A 1C 04 F6 3C E2 57 F7 F0 DE 46 6D C9 9B 56 12 A4 00 98 84
C4 CA 00 56 5C D6 38 B0 E6 51 92 71 9C 33 C1 0F B0 94 8B 8A
4A 42 BA E7 E8 BC 9C 05 5A EF 47 AC 2B 15 82 99 4C 71 27 05
25 55 38 B9 4D FC 61 69 FE 9E 23 E7 19 D8 E8 44 CD FC 1B E2
0F 74 B0 A1 8A EA E7 4F 1F B1 33 8A 26 7D FE 13 D4 9D A7 E8
C9 35 5A 96 C8 BF 0A 6B 61 3E BD 8E 63 0B 87 E3 8F 4B 43 7E
59 E7 4B 43 FA DC 81 A4 1F 9B 7A 5B 77 79 25 0C BB 7A 77 ED
AB B7 29 3E BD AB 37 EC 1A 2D 0B 10 56 05 E0 95 4F 2A 2B 97
1D 14 75 9A B9 D8 50 6A 97 F7 F1 BB F2 9E B2 B8 43
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Signature: 00 09 ED BA 13 F4 CA 96 0B 83 DA 55 A3 D2 E7 E0 0C A0 CA 04
C5 79 14 B3 64 76 2A 72 38 9B AD A3 32 50 DF CA 9D B4 F8 79
83 F2 D4 67 C5 B2 D6 A7 21 C7 53 25 04 E5 A3 40 50 68 22 99
43 BB 2E 7F BE 2D 1B D4 A8 53 25 0D 1D E9 3C 3E 4C 2F 2F 42
66 C5 F3 78 E3 91 F0 05 F0 83 0B F6 F1 0B B3 5F B6 A1 42 BA
28 22 98 86 A5 6A 3B 0D C6 96 CF 42 43 20 D9 77 A0 0B 3E 1 [...]

200.7.217.226 25
This plugin connects to every SSL-related port and attempts to extract and
dump the X.509 certificate.
Solution

n/a

Risk Factor
None
Subject Name:

Country: EC
State/Province: Pichincha
Locality: Quito
Organization: Metaltronic
Organization Unit: OU
Common Name: Metaltronic
Email Address: ivan.campos@metaltronic.com.ec
Issuer
Name:

Country: EC
State/Province: Pichincha
Locality: Quito
Organization: Inforc Ecuador
Organization Unit: OU
Common Name: Sophos_CA_C01001YKGG93WBF
Email Address: asalazar@inforc.ec

Serial Number: 36

Version: 3
Signature Algorithm: SHA-256 With RSA
Encryption

Not Valid Before: Mar 16 00:00:00 2021 GMT

Not Valid After: Mar 16 12:00:00 2022 GMT
Public Key
Info:

Algorithm: RSA Encryption

Plugin Information

Plugin Output

tcp/4444/www

200.7.217.226 26
 Key Length: 2048 bits
Public Key: 00 BA 96 49 BE C7 A0 18 03 43 18 03 0E 77 1E A6 20 75 57 24
E5 DB 9F 9F 23 BF 6B 41 DD 85 AF 78 D3 98 83 C1 0A 7A C4 17
56 7E F8 12 C6 9C 6C 90 20 99 8B C9 41 C2 B8 AA 86 81 EA 7A
43 D4 AE 0F 55 25 1E 61 51 F1 16 1D B7 B1 75 F7 18 73 8B 90
1A 1C 04 F6 3C E2 57 F7 F0 DE 46 6D C9 9B 56 12 A4 00 98 84
C4 CA 00 56 5C D6 38 B0 E6 51 92 71 9C 33 C1 0F B0 94 8B 8A
4A 42 BA E7 E8 BC 9C 05 5A EF 47 AC 2B 15 82 99 4C 71 27 05
25 55 38 B9 4D FC 61 69 FE 9E 23 E7 19 D8 E8 44 CD FC 1B E2
0F 74 B0 A1 8A EA E7 4F 1F B1 33 8A 26 7D FE 13 D4 9D A7 E8
C9 35 5A 96 C8 BF 0A 6B 61 3E BD 8E 63 0B 87 E3 8F 4B 43 7E
59 E7 4B 43 FA DC 81 A4 1F 9B 7A 5B 77 79 25 0C BB 7A 77 ED
AB B7 29 3E BD AB 37 EC 1A 2D 0B 10 56 05 E0 95 4F 2A 2B 97
1D 14 75 9A B9 D8 50 6A 97 F7 F1 BB F2 9E B2 B8 43
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Signature: 00 09 ED BA 13 F4 CA 96 0B 83 DA 55 A3 D2 E7 E0 0C A0 CA 04
C5 79 14 B3 64 76 2A 72 38 9B AD A3 32 50 DF CA 9D B4 F8 79
83 F2 D4 67 C5 B2 D6 A7 21 C7 53 25 04 E5 A3 40 50 68 22 99
43 BB 2E 7F BE 2D 1B D4 A8 53 25 0D 1D E9 3C 3E 4C 2F 2F 42
66 C5 F3 78 E3 91 F0 05 F0 83 0B F6 F1 0B B3 5F B6 A1 42 BA
28 22 98 86 A5 6A 3B 0D C6 96 CF 42 43 20 D9 77 A0 0B 3E 1 [...]

This plugin connects to every SSL-related port and attempts to extract and
dump the X.509 certificate.
Solution

n/a

Subject Name:

Common Name: metaltronic.3cx.ec

Issuer
Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 04 10 E1 65 FF 72 C0 DB 11 DA 21 85 57 05 9A 55 14 7C

Version: 3
Signature Algorithm: SHA-256 With RSA
Encryption

Not Valid Before: Feb 22 08:40:35 2022 GMT

Not Valid After: May 23 08:40:34 2022 GMT
Public Key
Info:

Algorithm: RSA Encryption

Key Length: 2048 bits
Public Key: 00 BE F6 96 87 6B 86 3D 44 B5 EA 1A 51 2D 5E 87 BF 68 43 EA
A7 F5 46 16 5D 01 4B 49 A3 B4 96 BB AC 2F CF 73 CE 1B ED D3
39 3F 49 D2 2B 92 25 DF 7E 1A 76 53 77 34 05 13 75 3A 1A D9
07 47 2B 1E 97 B2 D2 6B 7C AA AD 51 68 D5 4C FA 35 DD DD 75
59 6D 08 19 2D D8 24 2F D1 5D D5 EE DF CD B5 51 8A F8 C8 40
30 6D 70 2D 58 DF 11 2B 20 38 2A 94 20 84 9F 5C 38 21 DA 48
01 95 D6 EA FC 96 D5 8F EE BB 91 7B 08 B9 3D 17 C7 B0 D0 81
1C AB F6 95 47 29 34 2F 4E EF 88 A3 A9 54 E8 08 2E F0 88 E8

200.7.217.226 27
 68 78 05 40 0D 50 BA C2 7C 93 88 8A A8 7F E2 36 BB 0D B7 6E

Risk Factor
None

Plugin Information

Plugin Output

tcp/5001/www

DE 06 5C 0E 97 65 D1 8C 73 00 E7 DF F9 6D 32 2B 61 FA 31 48
56 FF 6E 31 BC D0 4C E9 2D 19 9F 03 8D 20 95 54 6F AC 56 07
E3 68 E5 F9 C0 49 36 25 DF F7 20 89 0C 08 BF 0B 1B 0E 07 43
9D 10 B7 86 6B 56 1B A4 CA 8D F0 BE FF 0F 39 F5 C3
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Signature: 00 3F 63 B3 32 1D 45 B0 4D C6 E5 77 C8 DD 56 17 5F 35 5F 65
B9 3D 25 AE 65 CF 03 4D 63 89 E3 99 2C 68 F8 CF A6 35 C4 78
A6 85 73 47 E6 00 91 AE A1 DB C6 3F 3E 4C 9D CA 79 90 96 93
44 B7 34 A8 46 EC 7D B4 1A 4E 3A 91 12 3E 86 3A 10 78 EC 5C
19 68 98 3A 97 DC B7 9C 38 2F 61 5C E6 2A 55 CC 98 A3 D6 B0
D0 7E 8C E2 5F 1E A8 20 C2 EE 45 2A 35 94 D3 B4 F3 7C 1E 29
C3 F4 B0 FD AE A3 FA 81 9A 86 B5 DC C8 16 BD 64 DE 1F D7 7A
F1 61 60 A4 DC 11 9F DE F6 13 42 E5 70 A7 28 49 56 77 22 F2
ED A9 94 A9 7B 53 3E C4 A8 75 DA CA F1 C6 D8 0E D6 1E [...]

200.7.217.226 28
Nessus was able to identify the remote service by its banner or by looking at the
error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information

Plugin Output

tcp/1024/www

A TLSv1.2 server answered on this port.

tcp/1024/www

tcp/4444/www

A web server is running on this port through TLSv1.2.

I was able to identify the remote service by its banner or by looking at the error
message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information

Plugin Output

tcp/5001/www

200.7.217.226 29
 A TLSv1.2 server answered on this port.

Service Detection

Synopsis

The remote service could be identified.

Description

tcp/5001/www

A web server is running on this port through TLSv1.2.

Session Initiation Protocol Detection

Synopsis

The remote system is a SIP signaling device.

Description

The remote system is running software that speaks the Session Initiation Protocol
(SIP).

SIP is a messaging protocol to initiate communication sessions between systems. It

is a protocol used mostly in IP Telephony networks / systems to setup, control,
and teardown sessions between two or more systems.

See Also

https://en.wikipedia.org/wiki/Session_Initiation_Protoco
l

Solution

If possible, filter incoming connections to the port so that it is used only by

trusted sources.

Risk Factor

None

200.7.217.226 30
Plugin Information

Published: 2003/12/29, Modified: 2019/11/22

Plugin Output

udp/5060/sip

Nessus found an unidentified SIP

service.
It supports the following options:

INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO, MESSAGE, UPDATE

96281 - Sophos XG Firewall Detection

Synopsis

A Sophos XG Firewall appliance is running on the remote host.

Description

Sophos XG Firewall, a next generation multi-protection firewall appliance, is

running on the remote host.

Solution

n/a

Risk Factor

None

Plugin Information

Published: 2017/01/04, Modified: 2022/02/14

Plugin Output

tcp/1024/www

URL: https://200.7.217.226:1024/userportal/webpages/myaccount/login.jsp
Version : 2

200.7.217.226 31
 Sophos XG Firewall Detection

42822 - Strict Transport Security (STS) Detection

Synopsis

The remote web server implements Strict Transport Security.

200.7.217.226 32