Los hosts con estos cifrados debilitados se pueden usar en un ataque man-in-the-middle, que obliga a un navegador a usar una clave de exportación débil, que se puede descifrar fácilmente. Esto se denomina ataque FREAK (Factoring RSA Export Keys).
Puede encontrar más información sobre el ataque FREAK en https://www.smacktls.com/.
Este reporte no indica indicios de compromiso o ataques desde las IPs en cuestión, sino sólo representa la presencia de un equipo o servicio potencialmente vulnerable y/o expuesto.
Para obtener más información sobre nuestros esfuerzos de escaneo, consulte la página de resumen de escaneo de Internet.
Nombres de archivo: scan_ssl_freak, scan6_ssl_freak
CAMPOS
| timestamp | Hora en que se sondeó la IP en UTC+0 |
| ip | La dirección IP del dispositivo en cuestión. |
| port | Puerto del que provino la respuesta SSL |
| hostname | Nombre DNS inverso del dispositivo en cuestión |
| tag | Etiqueta de informe (SSL) |
| handshake | El protocolo de enlace SSL más alto que podría negociarse (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3) |
| asn | ASN de donde reside el dispositivo en cuestión |
| geo | País donde reside el dispositivo en cuestión |
| region | País donde reside el dispositivo en cuestión |
| city | Ciudad en la que reside el dispositivo en cuestión |
| cipher_suite | El CipherSuite más alto que se pudo negociar |
| freak_vulnerable | Si «S», entonces el dispositivo permitió el uso de cifrados de grado de exportación y puede usarse en un ataque FREAK |
| freak_cipher_suite | El CipherSuite de grado de exportación que se pudo negociar |
| cert_length | Longitud de la clave del certificado (1024 bits, 2048 bits, etc.) |
| subject_common_name | El nombre común (CN) del certificado SSL |
| issuer_common_name | El nombre común de la entidad que firmó el certificado SSL |
| cert_issue_date | Fecha en que el certificado SSL entró en vigencia |
| cert_expiration_date | Fecha en que caduca el certificado SSL |
EJEMPLO
"timestamp","ip","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date","sha1_fingerprint","cert_serial_number","signature_algorithm","key_algorithm","subject_organization_name","subject_organization_unit_name","subject_country","subject_state_or_province_name","subject_locality_name","subject_street_address","subject_postal_code","subject_surname","subject_given_name","subject_email_address","subject_business_category","subject_serial_number","issuer_organization_name","issuer_organization_unit_name","issuer_country","issuer_state_or_province_name","issuer_locality_name","issuer_street_address","issuer_postal_code","issuer_surname","issuer_given_name","issuer_email_address","issuer_business_category","issuer_serial_number","naics","sic","freak_vulnerable","freak_cipher_suite"
"2015-03-07 01:40:19","205.178.184.209",443,"unused.networksolutions.com","ssl","TLSv1.0",19871,"US","FLORIDA","JACKSONVILLE","TLS_RSA_WITH_RC4_128_SHA",2048,"secure.gibsonmoore.net","Network Solutions Certificate Authority","Oct 18 00:00:00 2012 GMT","Oct 18 23:59:59 2016 GMT","E4:E2:6F:19:5C:88:A1:26:A0:A4:69:E6:DE:42:B6:FD:5E:8E:09:30","C16CA8A16545B484098626F6F2541343","sha1WithRSAEncryption","rsaEncryption","Gibson Moore Appellate Services, LLC","Secure Link SSL Pro","US","VA","Richmond","421 East Franklin Street, Suite 230",23219,,,,,,"Network Solutions L.L.C.",,"US",,,,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","72.246.88.167",443,"a72-246-88-167.deploy.akamaitechnologies.com","ssl","TLSv1.2",20940,"US","MASSACHUSETTS","CAMBRIDGE","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"securepics.ebaystatic.com","Verizon Akamai SureServer CA G14-SHA1","Dec 5 20:40:08 2014 GMT","Dec 5 20:40:07 2015 GMT","08:18:C8:57:30:90:5A:4F:9F:0B:C4:83:7F:1C:8F:6B:7D:05:CA:8A","286BA72F9D7F29E9B8CEE44EB949247C66C18CDB","sha1WithRSAEncryption","rsaEncryption","eBay Inc.","Site Operations","US","CA","San Jose",,,,,,,,"Verizon Enterprise Solutions","Cybertrust","NL",,"Amsterdam",,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","207.35.93.117",443,,"ssl","TLSv1.0",577,"CA","BRITISH COLUMBIA","VANCOUVER","TLS_RSA_WITH_RC4_128_SHA",1024,"testeroom.eldoradogold.com","testeroom.eldoradogold.com","Mar 8 22:30:30 2010 GMT","Mar 7 22:30:30 2013 GMT","25:E5:B4:0F:1F:A9:E5:E8:4C:CE:D1:6C:0D:EC:09:23:8B:8F:98:74","6905F7C9C8278AAD4E5E19B2D5BA88D4","sha1WithRSA","rsaEncryption",,,,,,,,,,,,,,,,,,,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","23.33.18.248",443,"a23-33-18-248.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",2828,"US","TEXAS","DALLAS","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"imgak.mmtcdn.com","GeoTrust SSL CA","Nov 6 08:07:15 2014 GMT","Nov 8 19:53:39 2015 GMT","7E:F1:C6:5C:93:88:36:5E:24:74:7E:05:55:7A:0C:E8:9C:BD:04:C6","03062E","sha1WithRSAEncryption","rsaEncryption","Makemytrip India Pvt Ltd.","E-Commerce Dept.","IN","Haryana","Gurgaon",,,,,,,"8KnsDSvZY0neMloI0rqAbya97vP-W0EA","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","23.6.29.33",443,"a23-6-29-33.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",20940,"US","VIRGINIA","ASHBURN","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"www.bhcosmetics.com","GeoTrust SSL CA","Oct 12 03:22:15 2014 GMT","Dec 14 14:45:23 2015 GMT","3D:D6:C2:3F:A7:2A:A2:BF:26:A2:1B:63:FB:6A:DF:09:7C:B1:2C:25","0301A2","sha1WithRSAEncryption","rsaEncryption","BHCOSMETICS INC","IT","US","California","Burbank",,,,,,,"XNw15ETRVbJHUgM8knaOpgtYLOPyUzgV","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"