With the recent release of the POODLE SSLv3 vulnerability, folks are scrambling around trying to figure out what runs what and where. Running a handful of things that do SSL, I was obligated, both personally and professionally, to figure out an easy way to drill down and figure out what does what and then fix the vulnerable services. When there are a lot of devices, this can seem like a daunting task, and it is if you’re trying to do it manually. This is where NMAP comes into play. NMAP is an extremely powerful tool for scanning and enumerating your own network, not just a tool for the script kiddies to port scan. Since there is no SSL patch at the time of this writing, and since SSLv3 is old and depricated, it is a good idea to see what services support it and then squish them in favor of TLS 1+. Thankfully, smarter folks than myself have done most of the legwork for accomplishing this task and written most of it down here. NMAP has a wealth of cool scripts and bolt ons that extend it in amazing ways. To accomplish our tasks we’ll ned to do a few things. Install nmap. I ran into issues with the nselibs being incomplete, so I grabbed the source and built it that way as opposed to using yum.``` git clone git@github.com:nmap/nmap.git
sudo yum -y groupinstall 'Development Tools'
cd nmap
./configure
sudo make
and alternatively``` sudo make install
(~/nmap) v-chimera $ ./nmap --script ssl-enum-ciphers -p 443 10.14.14.0/27
Starting Nmap 6.46 ( http://nmap.org ) at 2014-10-15 12:21 CDT
Nmap scan report for gw.test (10.14.14.1)
Host is up (0.0028s latency).
PORT STATE SERVICE
443/tcp closed https
Nmap scan report for ssldevice.test (10.14.14.2)
Host is up (0.0042s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS\_RSA\_WITH\_RC4\_128\_MD5 - strong
| TLS\_RSA\_WITH\_RC4\_128\_SHA - strong
| compressors:
| NULL
| TLSv1.0:
| ciphers:
| TLS\_RSA\_WITH\_RC4\_128\_MD5 - strong
| TLS\_RSA\_WITH\_RC4\_128\_SHA - strong
| compressors:
| NULL
|\_ least strength: strong
Nmap scan report for nossl.test (10.14.14.3)
Host is up (0.00049s latency).
PORT STATE SERVICE
443/tcp closed https
From here we can see that there is a host that needs to be updated. There are a wealth of docs out there for changing out the supported version. Most of my stuff is apache so I used this guide. For embedded devices, the best option is to filter access [which you should probably be doing anyway] until there is a patched firmware version.
Share this post
Twitter
Google+
Facebook
Reddit
LinkedIn
StumbleUpon
Pinterest
Email