Nmap Development mailing list archives

heartbleed script only seems to work on known SSL ports in 6.46 for windows


From: "Gamache, Mark" <Mark.Gamache () T-Mobile com>
Date: Mon, 21 Apr 2014 16:21:41 -0700

Hi Devs,

I just ran HB tests using 6.46 and it only seems to work for “standard SSL” ports.  I use openssl s_server.  For 443, 
8443, and 636 the tool works great.  For other ports, it reports back not vulnerable.  For the other ports, nmap does a 
SYN, SYN/ACK, RST and shows the open port, but does not initiate an SSL session.

I have verified this via packet captures.

Here is what I am using to test.

openssl s_server -accept 2381 -cert chaintest.gsm1900.org.pem -key chaintest.gsm1900.org.pem -pass pass:1q2w3e

running

nmap -p 2381 --script ssl-heartbleed.nse IPaddress

I tried this on several non-standard ports and had no luck.  False negatives scare me.

Cheers,


Mark Gamache
Directory and Security Services
425-302-8873
mark.gamache () t-mobile com


From: Fyodor [mailto:fyodor () nmap org]
Sent: Monday, April 21, 2014 3:13 PM
To: Gamache, Mark
Subject: Re: heartbleed script only seems to work on port 443 in 6.45 for windows

On Tue, Apr 15, 2014 at 12:10 PM, Gamache, Mark <Mark.Gamache () t-mobile com> wrote:

I just downloaded 6.45 for windows, which now has the heartbleed detection script in the package.   We have multiple 
teams working on the remediation plan for heartbleed and were getting different results.  It turns out that the nmap 
script only works for port 443.  It runs if other ports are selected, but we get a false negative.

Hi Mark.  We've made a number of improvements to the script which you can find in Nmap 6.46.  If you still have trouble 
with that one, I recommend contacting the Nmap dev list (dev () nmap org).

Cheers,
-F


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
