Arkoon Appliance Detection

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote host is a firewall.

Description :

The remote host has the three TCP ports 822, 1750, 1751
open.

It's very likely that this host is an Arkoon security dedicated
appliance with ports

TCP/822 dedicated to ssh service
TCP/1750 dedicated to Arkoon Manager
TCP/1751 dedicated to Arkoon Monitoring

Letting attackers know that you are using an Arkoon
appliance will help them to focus their attack or will
make them change their strategy.

You should not let them know such information.

See also :

http://www.arkoon.net/

Solution :

Do not allow any connection on the firewall itself, except
for the firewall protocol, and allow that for trusted
sources only.

If you have a router which performs packet filtering, then
add ACL that disallows the connection to these ports for
unauthorized systems.

Risk factor :

Low

Family: Firewalls

Nessus Plugin ID: 14377 (arkoon.nasl)

Bugtraq ID:

CVE ID: