<plugin_id>136</plugin_id>
<plugin_name>Arkoon appliance ssh port tcp-822 detection</plugin_name>
<plugin_family>Firewalls</plugin_family>
<plugin_created_date>2004/09/02</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.1</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>822</plugin_port>
<plugin_procedure_detection>open|sleep|close|pattern_exists *SSH-[0-9].*SSF*</plugin_procedure_detection>
<plugin_detection_accuracy>95</plugin_detection_accuracy>
<plugin_comment>Check is adapted from the Nessus plugin (see Nessus ID listed in the sources).</plugin_comment>
<bug_produced_name>Arkoon Network Security</bug_produced_name>
<bug_produced_email>support at arkoon dot net</bug_produced_email>
<bug_produced_web>http://www.arkoon.net</bug_produced_web>
<bug_affected>Arkoon appliances</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The remote host seems to be a Arkoon appliance with SSH port tcp/822 open. Letting attackers know that you are using a Arkoon appliance will help them to focus their attack or will make them change their strategy.</bug_description>
<bug_solution>The service should be deactivated or de-installed if not necessary. To make it harder to find the server the daemon could be configured to listen at another port (e.g. 1400). Try to prevent unwanted connection attempts by filtering traffic with firewalling.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.nessus.org</bug_exploit_url>
<bug_remote>No</bug_remote>
<bug_local>No</bug_local>
<bug_severity>Low</bug_severity>
<bug_popularity>3</bug_popularity>
<bug_simplicity>6</bug_simplicity>
<bug_impact>5</bug_impact>
<bug_risk>4</bug_risk>
<bug_nessus_risk>Low</bug_nessus_risk>
<bug_check_tool>Nessus is able to do a similar check.</bug_check_tool>
<source_nessus_id>14377</source_nessus_id>
<source_literature>Building Internet Firewalls, Elizabeth D. Zwicky, Simon Cooper and D. B. Chapman, September 1, 2000, O'Reilly & Associates, ISBN 1565928717, 2nd edition</source_literature>
<source_misc>http://www.arkoon.net</source_misc>