
AUDIT_DENIED_OPEN_PORTS

This check queries the list of open TCP/UDP ports on the target and compares them against a denied list of ports. It relies on the output of either "netstat -ano" or "netstat -an" to obtain the list of open ports, and then confirms that each port is actually open by checking its state with get_port_state()/get_udp_port_state().

Usage

<custom_item>
type: AUDIT_DENIED_OPEN_PORTS
description: "Audit Denied Open Ports"
value_type: [value_type]
value_data: [value]
port_type: [port_type]
</custom_item>

The allowed types are:

  • value_type: POLICY_PORTS
  • value_data: "80,135,445,902,912,1024,1025,3389,5900,8[0-9]+,18208,32111,38311,47001,139"
  • port_type: TCP or UDP

Considerations:

  • value_data also accepts a regex as a port range, so something like 8[0-9]+ works as well.
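The following is an added illustration of the comparison logic described above; it is not Tenable's code and makes no claim about how the Nessus plugin itself is implemented. It parses a constructed, Windows-style "netstat -an"/"netstat -ano" listing (assumed column layout: Proto, Local Address, Foreign Address, State, optional PID), keeps only LISTENING TCP sockets and all UDP sockets as "open", and evaluates a POLICY_PORTS value_data string in which each comma-separated entry is treated as a regular expression that must match the whole port number (the anchoring is an assumption; it makes 8[0-9]+ match 80 and 8080 but not 380). The function names and the sample netstat output are invented for this example.

```python
import re

# Constructed sample of "netstat -an" style output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:8080      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     203.0.113.5:443        ESTABLISHED
  TCP    [::]:22                [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    0.0.0.0:5353           *:*
  UDP    127.0.0.1:53           *:*
"""


def parse_netstat(text):
    """Return {'TCP': set(ports), 'UDP': set(ports)} of open ports.

    Assumes the Windows netstat layout: Proto, Local Address, Foreign Address,
    State (TCP only), and an optional PID column when -o was used.
    """
    open_ports = {"TCP": set(), "UDP": set()}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] not in ("TCP", "UDP"):
            continue  # skip headers, blank lines and unknown protocols
        proto, local = fields[0], fields[1]
        # The port follows the last ':' (works for IPv4 and bracketed IPv6).
        port_str = local.rsplit(":", 1)[-1]
        if not port_str.isdigit():
            continue
        port = int(port_str)
        if proto == "TCP":
            state = fields[3] if len(fields) >= 4 else ""
            # Only listening sockets count as open; ESTABLISHED etc. are client ends.
            if state.upper() not in ("LISTEN", "LISTENING"):
                continue
        open_ports[proto].add(port)
    return open_ports


def compile_policy_ports(value_data):
    """Turn a POLICY_PORTS string into a list of (entry_text, full-match regex)."""
    patterns = []
    for item in value_data.split(","):
        item = item.strip().strip('"')
        if item:
            # Assumption: each entry must match the entire port number.
            patterns.append((item, re.compile(r"^(?:%s)$" % item)))
    return patterns


def denied_open_ports(open_ports, value_data, port_type):
    """Return sorted (port, matching_entry) pairs for open ports on the denied list."""
    patterns = compile_policy_ports(value_data)
    hits = []
    for port in sorted(open_ports[port_type]):
        for text, rx in patterns:
            if rx.match(str(port)):
                hits.append((port, text))
                break  # report the first denied-list entry that matches
    return hits


def evaluate(netstat_text, value_data, port_type):
    """Return ("PASSED" | "FAILED", hits): FAILED if any denied port is open."""
    hits = denied_open_ports(parse_netstat(netstat_text), value_data, port_type)
    return ("FAILED" if hits else "PASSED", hits)


if __name__ == "__main__":
    denied = "80,135,445,902,912,1024,1025,3389,5900,8[0-9]+,18208,32111,38311,47001,139"
    status, hits = evaluate(SAMPLE_NETSTAT, denied, "TCP")
    print(status, hits)
```

Because the check only asserts that denied ports are not open, a host with no listeners at all passes; combine it with an allowed-list check if the policy also requires certain services to be present.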

Examples

The following example compares value_data against a list of TCP ports open on the target.

<custom_item>
type: AUDIT_DENIED_OPEN_PORTS
description: "Audit TCP OPEN PORTS"
value_type: POLICY_PORTS
value_data: "80,443"
port_type: TCP
</custom_item>

The following example compares value_data against a list of UDP ports open on the target.

<custom_item>
type: AUDIT_DENIED_OPEN_PORTS
description: "Audit UDP OPEN PORTS"
value_type: POLICY_PORTS
value_data: "161,5353"
port_type: UDP
</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.