Vulnerability scan result - failed

Not sure if this belongs in the networking or enterprise hardware section?

After running a network vulnerability scan it has failed with the following item:

Microsoft Windows Server 2003 Unsupported Installation Detection.


The thing is, I am not running Server 2003 anywhere.
The router is a Draytek 2850 updated to the latest firmware.
The server is a Dell PowerEdge R720, running Hyper-V 2012. VMs are mainly Server 2012, with a couple running on Server 2008 R2.

Machines that might be switched on and connected to the network are running a mix of desktop OSes from W7 onwards.
Last scan I ran I switched off all desktop machines "just in case".

Any ideas what could cause this?
 
I rang the company, they don't really have an answer themselves, other than it's a likely false positive, picking up a signature from another OS that is identifying as a 2003 Server signature.

Not really that helpful to be honest.
 
Really small building, I know everything that is plugged in to the network.

VLAN1 - 1 device (not a PC)
VLAN2 - server and 3 desktops (W10/W7) + VOIP Phone
VLAN3 - separate live network, only thing connected at the time of the scan was a Mac which was most likely in standby
 
If it's anything like the results from external PCI scans, you should get a document which tells you which tests have failed. Classic failures I saw were things like support for SSL 3.0 or weak ciphers, e.g. RC4.

I'd also look at the port forwarding / NAT configuration on your Draytek. Make sure every forward is still needed and if it is, what it forwards to and what the protocol is.
 
From the vuln description then I'd bet it is a Nessus engine based scan. Never known it to be wrong. I run daily scans over 500 endpoints.

The scan will give way more info than that, things such as MAC, services it can see etc. Ask the MSP for the full scan info for that IP.
 
I was thinking the same, Nmap ARP for host discovery and Nessus for the vuln scanning. I can't remember having such a big misfingerprint like the OP.

There are plenty of other good tools available like OpenVAS you could try for comparison.
 
We had a similar issue with a scan with Worldpay for a PCI compliance test. The environment was just a Fortigate firewall 50E, and two servers that both had Windows Server 2016 Essentials installed.

One had SQL Server 2016 and had no access to the web, the web server had access to the internet and accessed the database via the 2nd network adapter on a separate VLAN.

The scanner classed the web server as Server 2008 R2, ended up taking a screenshot of the server version dialog with the IP info in the screenshot and they let it pass.
 
I've been on the receiving end of many vulnerability scans for different customers at work over many years, and things being thrown up which are wrong from a software scanner error or have been misinterpreted happens in practically every single set of results, be they for PCI DSS, connection to government networks or whatever. The worst is if you get someone who is new in the job and trying to prove themselves ... then the results can be a pile of garbage.

You should get a full set of results which has details on any element they have found to allow you to investigate and find out if there is an issue to be fixed or if the result is in error.
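
Added example, not part of the thread: several replies say to get the full scan results for the flagged IP, so this sketch pulls the MAC, OS guess, services and plugin output for every host a named finding fired on. It assumes the provider can export Nessus's v2 XML (`.nessus`) format, which the thread only guesses at; the sample report is constructed and `hosts_with_finding` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET  # for reports from untrusted sources use defusedxml

# Constructed sample in the Nessus v2 (.nessus) export layout. Addresses, MAC,
# plugin IDs and plugin output are invented for illustration.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="192.0.2.10"><HostProperties>
  <tag name="host-ip">192.0.2.10</tag>
  <tag name="mac-address">00:00:5E:00:53:01</tag>
  <tag name="operating-system">Microsoft Windows Server 2003</tag>
 </HostProperties>
 <ReportItem port="0" protocol="tcp" svc_name="general" pluginID="1"
   pluginName="OS Identification">
  <plugin_output>constructed: low-confidence guess from network fingerprint</plugin_output>
 </ReportItem>
 <ReportItem port="0" protocol="tcp" svc_name="general" pluginID="2"
   pluginName="Microsoft Windows Server 2003 Unsupported Installation Detection"/>
 <ReportItem port="443" protocol="tcp" svc_name="www" pluginID="3"
   pluginName="Service Detection"/>
</ReportHost>
<ReportHost name="192.0.2.20"><HostProperties>
  <tag name="host-ip">192.0.2.20</tag>
  <tag name="operating-system">Microsoft Windows Server 2012</tag>
 </HostProperties>
 <ReportItem port="445" protocol="tcp" svc_name="cifs" pluginID="3"
   pluginName="Service Detection"/>
</ReportHost></Report></NessusClientData_v2>"""


def hosts_with_finding(xml_text, finding):
    """Collect the evidence behind `finding` for each host it fired on."""
    results = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        items = host.findall("ReportItem")
        if not any(finding.lower() in i.get("pluginName", "").lower() for i in items):
            continue
        props = {t.get("name"): (t.text or "").strip() for t in host.iter("tag")}
        results.append({
            "host": host.get("name"),
            "mac": props.get("mac-address", "unknown"),
            "os_guess": props.get("operating-system", "unknown"),
            # Listening services help match the host to a physical device.
            "services": sorted({(int(i.get("port")), i.get("protocol"), i.get("svc_name"))
                                for i in items if i.get("port") != "0"}),
            # Plugin output says how the scanner reached its conclusion.
            "outputs": {i.get("pluginName"): i.findtext("plugin_output").strip()
                        for i in items if i.findtext("plugin_output")},
        })
    return results


if __name__ == "__main__":
    for hit in hosts_with_finding(SAMPLE, "Server 2003 Unsupported"):
        print(hit)
```

The MAC and service list can then be checked against the devices known to be on each VLAN.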