SSL POODLE Report

This report identifies hosts that allow the use of SSL v3.0 with cipher-block chaining (CBC) mode ciphers, which are vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack.

See US-CERT alert TA14-290A at https://www.us-cert.gov/ncas/alerts/TA14-290A for more information on this vulnerability and its exploitation.

This report does not indicate signs of compromise or attacks from the IPs in question; it only represents the presence of a potentially vulnerable and/or exposed device or service.

For more information on the scanning efforts, see the Internet scanning summary page.

Filenames: scan_ssl_poodle, scan6_ssl_poodl

FIELDS

timestamp: Time that the IP was probed, in UTC+0
ip: The IP address of the device in question
port: Port that the SSL response came from
hostname: Reverse DNS name of the device in question
tag: Report tag (SSL)
handshake: The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
asn: ASN where the device in question resides
geo: Country where the device in question resides
region: Region where the device in question resides
city: City in which the device in question resides
cipher_suite: The highest CipherSuite that could be negotiated
ssl_poodle: If "Y", the device completed an SSLv3 handshake that used CBC (Cipher-Block Chaining) CipherSuites, which is vulnerable to a POODLE attack
cert_length: Certificate key length (1024 bits, 2048 bits, etc.)
subject_common_name: The Common Name (CN) of the SSL certificate
issuer_common_name: The Common Name of the entity that signed the SSL certificate
cert_issue_date: Date when the SSL certificate became valid
cert_expiration_date: Date when the SSL certificate expires

EXAMPLE

"timestamp","ip","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","ssl_poodle","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date"
"2014-11-16 03:13:52","87.228.223.89",443,"87-223-89.netrunf.cytanet.com.cy","ssl","TLSv1.0",6866,"CY",1,"NICOSIA","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"Thomson TG585 v7","Thomson TG585 v7","Jan  1 00:00:00 2005 GMT","Dec 31 00:00:00 2024 GMT"
"2014-11-16 03:13:52","119.161.34.219",443,,"ssl","TLSv1.0",55455,"AU","NSW","NORTH RYDE","TLS_RSA_WITH_AES_128_CBC_SHA","Y",2048,"*.vmareturns.com.au","Go Daddy Secure Certification Authority","Jul  2 23:17:47 2013 GMT","Aug  1 22:28:50 2015 GMT"
"2014-11-16 03:13:52","201.212.8.219",443,"octodata2.jedy.com.ar","ssl","TLSv1.0",10481,"AR","C","BUENOS AIRES","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"iDRAC6 default certificate","iDRAC6 default certificate","Sep 17 22:47:28 2009 GMT","Sep 15 22:47:28 2019 GMT"
"2014-11-16 03:13:52","2.34.252.97",443,"net-2-34-252-97.cust.vodafonedsl.it","ssl","TLSv1.0",30722,"IT","PD","PADOVA","TLS_RSA_WITH_RC4_128_SHA","Y",2048,"*.mynet.vodafone.it","Vodafone (Secure Networks)","May 16 09:07:08 2014 GMT","May 16 09:07:08 2017 GMT"
"2014-11-16 03:13:52","86.13.183.194",443,"cpc10-colc7-2-0-cust961.7-4.cable.virginm.net","ssl","TLSv1.0",5089,"UK","ESS","COLCHESTER","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"*.device465170.wd2go.com","remotewd.com","Feb  8 22:14:03 2013 GMT","Feb  8 22:14:03 2023 GMT"
"2014-11-16 03:13:52","99.16.128.48",443,"99-16-128-48.lightspeed.crlkil.sbcglobal.net","ssl","TLSv1.0",7018,"US","IL","HINSDALE","TLS_RSA_WITH_RC4_128_SHA","Y",1024,,,"Oct 29 11:33:21 2009 GMT","Oct 29 11:33:21 2010 GMT"
"2014-11-16 03:13:52","103.11.19.76",443,"apps.moko04.com","ssl","TLSv1.2",23818,"JP",13,"TOKYO","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"apps.zlpad04.com","apps.zlpad04.com","Jun 10 11:19:19 2014 GMT","Jun 10 11:19:19 2015 GMT"
"2014-11-16 03:13:52","150.101.206.116",443,"eth885.nsw.adsl.internode.on.net","ssl","TLSv1.2",4739,"AU","NSW","SYDNEY","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"FWF40C3913009779","support","Sep 17 15:38:30 2013 GMT","Jan 19 03:14:07 2038 GMT"
"2014-11-16 03:13:52","93.200.56.232",443,"p5dc838e8.dip0.t-ipconnect.de","ssl","TLSv1.0",3320,"DE","NW","COLOGNE","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"FirstCleanKoeln.homelinux.org","FirstCleanKoeln.homelinux.org","Jan  1 00:00:20 2000 GMT","Mar 18 00:00:20 2015 GMT"
"2014-11-16 03:13:52","99.66.112.150",443,"99-66-112-150.lightspeed.cicril.sbcglobal.net","ssl","TLSv1.0",7018,"US","IL","LINCOLNWOOD","TLS_RSA_WITH_RC4_128_SHA","Y",1024,,,"Oct 29 11:33:21 2009 GMT","Oct 29 11:33:21 2010 GMT"
"2014-11-16 03:13:52","188.66.80.115",443,"mail.ccsltd.co.uk","ssl","TLSv1.0",31655,"UK","BEN","WEMBLEY","TLS_RSA_WITH_AES_128_CBC_SHA","Y",2048,"remote.ccsukltd.co.uk","RapidSSL CA","Jan  6 05:14:19 2013 GMT","Feb  8 10:31:47 2015 GMT"
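
An added triage example for recipients of this report (not code from the report's publisher): it parses the CSV layout above and keys on ssl_poodle rather than on handshake or cipher_suite, since those two columns record the highest values negotiated and can show TLSv1.2 or an RC4 suite on a host that still accepts SSLv3 with CBC. The function names, the 2048-bit threshold, the "N" value and the sample rows (documentation IP ranges) are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed rows in the report's column layout; not real hosts.
# "N" is an assumed value: the field list only defines "Y".
SAMPLE = '''"timestamp","ip","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","ssl_poodle","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date"
"2014-11-16 03:13:52","192.0.2.10",443,"gw.example.net","ssl","TLSv1.0",64500,"US","IL","CHICAGO","TLS_RSA_WITH_RC4_128_SHA","Y",1024,,,"Oct 29 11:33:21 2009 GMT","Oct 29 11:33:21 2010 GMT"
"2014-11-16 03:13:52","198.51.100.7",443,,"ssl","TLSv1.2",64501,"AU","NSW","SYDNEY","TLS_RSA_WITH_AES_128_CBC_SHA","Y",2048,"*.example.com","Example CA","Jul  2 23:17:47 2013 GMT","Aug  1 22:28:50 2015 GMT"
"2014-11-16 03:13:52","203.0.113.5",8443,"ok.example.org","ssl","TLSv1.2",64501,"DE","NW","COLOGNE","TLS_RSA_WITH_AES_128_CBC_SHA","N",2048,"ok.example.org","Example CA","Jan  1 00:00:00 2014 GMT","Jan  1 00:00:00 2016 GMT"
'''

MIN_KEY_BITS = 2048  # assumed local policy threshold, not part of the report


def parse_cert_date(text):
    """Parse 'Jan  1 00:00:00 2005 GMT'; the day may be space-padded."""
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y GMT")


def triage(report_text):
    """Return one finding per row flagged ssl_poodle == 'Y', with extra notes."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        if row["ssl_poodle"] != "Y":
            continue  # only "Y" means SSLv3 with a CBC suite was completed
        probed = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        notes = ["SSLv3 with CBC accepted"]
        if int(row["cert_length"]) < MIN_KEY_BITS:
            notes.append("certificate key %s bits" % row["cert_length"])
        if parse_cert_date(row["cert_expiration_date"]) < probed:
            notes.append("certificate expired at scan time")
        subject, issuer = row["subject_common_name"], row["issuer_common_name"]
        if subject and subject == issuer:
            # Heuristic only: equal CNs usually mean a self-signed/default cert.
            notes.append("subject CN equals issuer CN")
        findings.append({"ip": row["ip"], "port": int(row["port"]),
                         "asn": int(row["asn"]), "handshake": row["handshake"],
                         "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["ip"], f["port"], "AS%d" % f["asn"], "; ".join(f["notes"]))
```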