
Messages - MaxBishop

1
General Questions / Re: Nessus vulnerability false positives
« on: February 09, 2018, 04:12:37 pm »
Setting my web port to 8083 seems to correct the problem.

Perhaps a Nessus Pro subscriber could ring their bell on this. For 2200 bucks I say they should have some pull.

Meanwhile johnpoz, you really do an outstanding job of serving the community.

(No snow in Boston)

2
General Questions / Re: Nessus vulnerability false positives
« on: February 09, 2018, 12:15:21 pm »
Hi,

Yea, this work stuff always gets in the way of fun.

I have nothing unusual for my setups... no proxy, etc.

My native network is totally vanilla. A pfsense router and an unmanaged switch.

The VM networks consist of multiple VBox machines sharing an internal adaptor. I have two of these, one where the router is the stable release and another with the development snapshot from yesterday.

I have the Nessus community edition installed in Kali and, separately, in Arch Linux.

BTW: I am very impressed with pfSense and I will probably deploy it at the lab where I work.

3
General Questions / Re: Nessus vulnerability false positives
« on: February 09, 2018, 08:09:57 am »
Hi,

That would be great. Last night I created a VM directly from the developer image and implemented it with the default setup...  and I still got the ominous results. I used a fresh install of the community edition for Nessus and customer feedback is restricted to those who can afford the Pro License (~ $2200/yr).

The CGI vulnerabilities are not identified from the WAN side. The "unknown version" detection is almost certainly a false positive.  If it can't be reproduced, then I am doing something (very) stupid.

4
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 04:43:50 pm »
@ johnpoz

Thanks for your work on this.

5
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 04:15:52 pm »
Hi,

I'm stumped. I see the problem with:

2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6
The system is on the latest version.
Version information updated at Thu Feb 8 21:44:23 UTC 2018   

It appears to be reproducible with a fresh install. Next I'll test it with the development snapshot.

6
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 03:20:36 pm »
Below I have the details of one example where the pfSense version shows as unknown. All of the vulnerabilities are in the CGI abuses category and all appear to occur because the version could not be determined by Nessus.

I have also included a screenshot of my pfSense dashboard (this is the from-scratch install).

I am re-running the scan after a complete Nessus update.

7
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 02:38:09 pm »

OK,

On my Advanced scan I have a plugin tab that shows the CGI abuses plugin as enabled (image attached)

On a from-scratch install, running the scan shows the same set of critical/high/medium vulnerabilities.

However, running the scan with the CGI abuses plugin disabled removes the detections.

Do you have this plugin enabled?

8
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 01:52:57 pm »
Hi,

I did have pfBlocker and Suricata installed. Here's what I'm going to do:

1) Uninstall pfBlocker and Suricata and rerun

If that fails, I'll create a fresh install and try it.


9
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 01:20:09 pm »
I edited that last post. (Sorry, I hit post before I was done.)

10
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 01:08:35 pm »
Hi,

Advanced Scan:
    Discovery
        General: Test the Local Nessus host
        Ping Methods: ARP, TCP=built-in, ICMP(max=2)
    Port Scanning:
        Local Port Enumerators: SSH, WMI, SNMP, [only run if local failed]
        Network Scanners: SYN
    Service Discovery
        General: Probe all ports
        Search for SSL/TLS ciphers - enumerate all
    Assessment
        General: default
        Brute Force: Only use credentials provided
    Web Applications: Scan web applications: ON

The last item may be of interest.

Meanwhile, I'll try the scan without the Web Applications scan. Then I'll try it with a "reset to factory" in the VM.

11
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 10:36:17 am »
Correct: 2.4.2-RELEASE-p1 (in both VM and native network)

My VM network is an isolated system with its own pfsense router.

12
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 10:13:26 am »
Hi,

My virtual network gives me the same results.

13
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 09:41:41 am »
Hi,
Thanks,
Let me know if you need any other information.
Meanwhile, I'll check it out in my VM prototype network too.

14
General Questions / Re: Nessus vulnerability false positives
« on: February 08, 2018, 09:27:44 am »
Hi,

I'm scanning from the LAN side with:
Nessus  7.0.1 (#108) LINUX
Updated: February 7 at 12:15 PM
Plugin set: 201802071215

The scan identifies 4 Critical, 5 High, and 9 Medium level vulnerabilities.

CRITICAL 10.0 106488 pfSense < 2.1.1 Multiple Vulnerabilities (SA-14_02 - SA-14_03)
CRITICAL 10.0 106490 pfSense SA-14_08 / pfSense SA-14_09 / pfSense SA-14_10 / pfSense SA-14_11 / SA-14-12 SA-14-12 : Multiple Vulnerabilities
CRITICAL 10.0 106491 pfSense < 2.1.5 Multiple Vulnerabilities (SA-14_15 - SA-14_17)
CRITICAL 0.0 106499 pfSense SA-16_01 / SA-16-02 : Multiple Vulnerabilities
HIGH 9.0 106501 pfSense < 2.3.1-p1 Multiple Vulnerabilities (SA-16_05)
HIGH 9.0 106502 pfSense < 2.3.1-p5 Multiple Vulnerabilities (SA-16_07 - SA-16_08)
HIGH 9.0 106503 pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03)
HIGH 7.8 106489 pfSense < 2.1.3 Remote Denial of Service Vulnerability (SA-14_05)
HIGH 7.5 106498 pfSense SA-15_10 / SA-15-11 : Multiple Vulnerabilities
MEDIUM 6.8 106493 pfSense < 2.2.1 Multiple Vulnerabilities (SA-15_02 - SA-15_04)
MEDIUM 4.3 106492 pfSense < 2.2 Multiple Vulnerabilities (SA-15_01)
MEDIUM 4.3 106494 pfSense < 2.2.2 Multiple Vulnerabilities (SA-15_05)
MEDIUM 4.3 106495 pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07)
MEDIUM 4.3 106496 pfSense < 2.2.4 Multiple Vulnerabilities (SA-15_07)
MEDIUM 4.3 106497 pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)
MEDIUM 4.3 106500 pfSense SA-16_03 / SA-16-04 : Multiple Vulnerabilities
MEDIUM 4.3 106504 pfSense < 2.3.4 DHCP Lease Display XSS (SA-17_04)
MEDIUM 4.3 106505 pfSense < 2.3.4-p1 Multiple Vulnerabilities (SA-17_05 - SA-17_06)

I can provide a more detailed report, but again, all of these are based on the reported pfSense version number (unknown..0).
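
Added example, not part of the original post: a triage pass over finding lines in the format quoted above, comparing each "pfSense < X" threshold in the plugin title with the installed release given on this page (2.4.2-RELEASE-p1). The function names, verdict labels and the shortened sample are assumptions made for illustration; titles that name only advisories are left for manual review.

```python
import re

# Installed version as stated in the posts on this page.
INSTALLED = "2.4.2-RELEASE-p1"
# Constructed sample: a subset of the finding lines quoted above.
FINDINGS = """\
CRITICAL 10.0 106488 pfSense < 2.1.1 Multiple Vulnerabilities (SA-14_02 - SA-14_03)
CRITICAL 0.0 106499 pfSense SA-16_01 / SA-16-02 : Multiple Vulnerabilities
HIGH 9.0 106501 pfSense < 2.3.1-p1 Multiple Vulnerabilities (SA-16_05)
MEDIUM 4.3 106504 pfSense < 2.3.4 DHCP Lease Display XSS (SA-17_04)
"""

LINE_RE = re.compile(r"^(CRITICAL|HIGH|MEDIUM|LOW|INFO)\s+(\d+\.\d+)\s+(\d+)\s+(.+)$")
FIXED_IN_RE = re.compile(r"pfSense < (\d+(?:\.\d+)+(?:-p\d+)?)")


def version_key(text):
    """Turn '2.4.2-RELEASE-p1' or '2.3.1-p5' into a comparable tuple."""
    m = re.match(r"(\d+(?:\.\d+)*)(?:-RELEASE)?(?:-p(\d+))?$", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # '2.2' is treated as 2.2.0
    return tuple(parts) + (int(m.group(2) or 0),)


def triage(report, installed=INSTALLED):
    """Return (plugin_id, severity, verdict) for each finding line."""
    have = version_key(installed)
    results = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        severity, _score, plugin_id, title = m.groups()
        fixed = FIXED_IN_RE.search(title)
        if fixed is None:
            verdict = "manual-review"        # title names advisories only, no threshold
        elif have >= version_key(fixed.group(1)):
            verdict = "not-applicable"       # installed release is at or past the threshold
        else:
            verdict = "applicable"
        results.append((int(plugin_id), severity, verdict))
    return results


if __name__ == "__main__":
    for row in triage(FINDINGS):
        print(*row)
```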

15
General Questions / (solved) Nessus vulnerability false positives
« on: February 07, 2018, 05:44:34 pm »
I am running version 2.4.2-RELEASE-p1 (amd64)

A Nessus scan shows several false positives identified as: pfSense < 2.1.1 Multiple Vulnerabilities

It reports my installed version as: unknown..0

My question is: is the current version of pfSense hiding its version?

