[aklug] Re: [NUGA] Re: If you are still running SSLv2, you should disable it ASAP

From: Royce Williams <royce@tycho.org>
Date: Wed Mar 02 2016 - 16:14:23 AKST

What I've been doing is best effort as I can think of ways to discover the
information needed to diagnose SSLv2 issues. So a couple of caveats:

1. I'm not currently detecting any SSLv2 on standard non-HTTPS ports (IMAP,
SMTP/STARTTLS, etc.). I hope to do this soon.

2. The "hosts in Alaskan domains" approach that I take is heavily dependent
on forward DNS and hostnames as mentioned in certificate names (using data
dumped from scans.io), which I then process in a couple of ways to discover
"Alaskan-looking" hosts. The reason I do this is that SSL/TLS certs depend
heavily on the actual hostname, and you can discover 100 hostname/cert
combos all pointing to the same IP address, so scanning a single IP just
doesn't cut it. My approach also excludes generic names (like
static.gci.net, unallocated.acsalaska.net), etc.

So as a cross check, below is a list of hosts that are speaking SSLv2 on
443 that fall within my understanding of Alaskan IP space. I identified
the subject hosts with two passes:

A. Used Robert Graham's masscan to detect 443 in Alaskan subnets (just my
basic list, not yet drawing from MaxMind, etc.)

B. Fed the discovered list of 443-speaking IPs to nmap, scanning with its
included "sslv2" script to quickly find SSLv2-speaking hosts.

The results are as follows. Unfortunately, it will take some additional
sleuthing on your part to match up actual business entities -- but it may
help you to identify hosts that are not yet on your radar. And hitting a
direct IP and checking for 443 can be any number of hosts on the back end
-- or no hosts at all (just an old/inactive config). I have no way to
divine the administrative intent, so many of them may be flavors of "that's
old" or "we don't mean to have HTTPS on that" ... but I would argue that
this probably means that you can configure it to go away, and have its
SSLv2 be removed from possibility of exploitation.

If there's no PTR record for the IP, the bare IP is listed (nmap-style).


Received on Wed Mar 2 14:32:35 2016
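
Added example, not part of the original message: one way to turn the output of the second pass (nmap with its "sslv2" script) into the listing style the message describes, a hostname with its IP, or the bare IP when there is no PTR record. The sample text is constructed, modelled on nmap's normal output and using documentation addresses; the function name `sslv2_hosts` is hypothetical.

```python
import re

# Constructed sample modelled on nmap normal output (documentation addresses only).
SAMPLE = """\
Nmap scan report for mail.example.org (192.0.2.10)
Host is up (0.045s latency).
PORT    STATE SERVICE
443/tcp open  https
| sslv2:
|   SSLv2 supported
|   ciphers:
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|_    SSL2_RC4_128_EXPORT40_WITH_MD5

Nmap scan report for 198.51.100.7
Host is up (0.051s latency).
PORT    STATE SERVICE
443/tcp open  https

Nmap scan report for 203.0.113.25
Host is up (0.048s latency).
PORT    STATE SERVICE
443/tcp open  https
| sslv2:
|   SSLv2 supported
|   ciphers:
|_    SSL2_RC4_128_WITH_MD5
"""

PREFIX = "Nmap scan report for "
REPORT = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
CIPHER = re.compile(r"^\|[_ ]\s*(SSL2_\w+)$")

def sslv2_hosts(text):
    """Return (label, ip, ciphers) for each host whose sslv2 script output
    reports 'SSLv2 supported'; hosts with 443 open but no SSLv2 are skipped."""
    hosts, cur = [], None
    for line in (raw.rstrip() for raw in text.splitlines()):
        m = REPORT.match(line)
        if m:
            # Without a PTR record nmap prints only the IP, so group(2) is None.
            cur = {"label": line[len(PREFIX):], "ip": m.group(2) or m.group(1),
                   "ciphers": [], "v2": False}
            hosts.append(cur)
        elif cur is not None:
            if "SSLv2 supported" in line:
                cur["v2"] = True
            elif (c := CIPHER.match(line)):
                cur["ciphers"].append(c.group(1))
    return [(h["label"], h["ip"], h["ciphers"]) for h in hosts if h["v2"]]
```

Keying the result on the IP as well as the label makes it easier to spot several names that resolve to the same address.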
