반품
-
제목
Why does an nmap scan run against Syslog Store Box report a Remote Shell Service Enabled? -
설명
An nmap scan shows a Remote Shell Service Enabled on port 514 in one example. -
원인
NMAP uses a database to determine what service is listening on a port, this information is not recommended to be used for security audit purposes.Because of this NMAP behavior, if a SSB source is set to listen on a known port (for example on 8080) then NMAP will report that there is an http-proxy service listening there which is not true.The same is happening with tcp/514 port in this instance. -
해결 방안
NMAP reporting is based on a database rather than confirming a remote shell service is actually in use. if there is any concern, confirm the service is actually listening on the port on the SSB rather than relying on nmap's database driven reporting.