It’s not too often you get to be excited about a security
threat. However, the POODLE security threat seems to put a smile on my face
every time I see it written somewhere… Poodles just look too innocent and
ridiculous to be taken seriously as a major threat. So in a bid to take
this security issue more seriously, I have built a PowerShell tool for remotely
checking whether servers have either SSL 2.0 or SSL 3.0 enabled.
More Detail on the POODLE threat
Here are some links that explain the POODLE threat in a
little more detail:
- https://www.openssl.org/~bodo/ssl-poodle.pdf
- https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
- In relation to Lync and Exchange: http://masteringlync.com/2014/10/20/poodle-and-lync-server-2013/
- Microsoft’s Security Advisory: https://technet.microsoft.com/library/security/3009008
- Office 365 Statement: http://blogs.office.com/2014/10/29/protecting-ssl-3-0-vulnerability/
POODLE Checker Tool
- The tool will try to connect using SSL 2.0 and SSL 3.0 to any server FQDN/IP and port (multiple ports can be entered, separated by commas) you enter.
- Press the Test button and it will check all the ports in the ports text box. The tool will report in the PowerShell window which ports have SSL 2.0 and SSL 3.0 enabled on them.
- The tool will also visually display the results…
- Script is signed.
Update 1.01
- Added additional checking of TLS (1.0, 1.1, 1.2) protocols so you can better understand all the TLS connection options available on the server before deciding to disable SSL.
Update 1.02 (16/2/2015)
- Added the ability to handle multiple comma separated IP Addresses/DNS Names.
- Added Cancel button to stop testing.
- Disabled text boxes during testing phase.
- Textboxes now stretch when resized.
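The check the tool performs boils down to attempting a handshake with each protocol version pinned and seeing which ones complete. Below is a stand-alone PowerShell probe of that kind, added here as an illustration rather than the signed script itself; the host name and ports in the usage line are placeholders. Note that a failed handshake can also mean the probing machine's own Schannel configuration has that protocol disabled, so run it from a client where the old protocols are still permitted.

```powershell
# Added example, not the author's tool. Probes a host:port with each SSL/TLS
# version pinned and reports which handshakes the server accepts.
function Test-SslProtocol {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port,
        # .NET SslProtocols names; Ssl2/Ssl3 are the POODLE-relevant ones.
        [string[]]$Protocols = @('Ssl2', 'Ssl3', 'Tls', 'Tls11', 'Tls12'),
        [int]$TimeoutMs = 5000
    )
    foreach ($proto in $Protocols) {
        $client = New-Object System.Net.Sockets.TcpClient
        $result = [pscustomobject]@{
            Server = $Server; Port = $Port; Protocol = $proto; Enabled = $false; Detail = ''
        }
        try {
            $async = $client.BeginConnect($Server, $Port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "connect timeout" }
            $client.EndConnect($async)
            # Accept any certificate: we only care whether the handshake completes,
            # not whether the cert chains to a trusted root.
            $noCertCheck = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $noCertCheck)
            $ssl.AuthenticateAsClient($Server, $null,
                [System.Security.Authentication.SslProtocols]$proto, $false)
            $result.Enabled = $true
            $result.Detail = "negotiated $($ssl.SslProtocol), $($ssl.CipherAlgorithm) $($ssl.CipherStrength)-bit"
            $ssl.Dispose()
        } catch {
            # Either the server refused the version or this client cannot offer it.
            $result.Detail = $_.Exception.Message
        } finally {
            $client.Dispose()
        }
        $result
    }
}

# Usage (placeholder host and ports): one row per protocol per port.
foreach ($p in 443, 636, 993) {
    Test-SslProtocol -Server 'mail.example.com' -Port $p
} | Format-Table Port, Protocol, Enabled, Detail -AutoSize
```

Any row with Protocol Ssl2 or Ssl3 and Enabled True is a port where the server still accepts the old version. On PowerShell 7 / .NET Core the Ssl2 and Ssl3 enum values are marked obsolete and may be rejected outright, so Windows PowerShell 5.1 is the safer place to run this.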
Standard SSL Port Numbers
SSL can technically run on any port that you configure an
application to use. However, the well-known port numbers for applications that
use SSL (as assigned by IANA and the IETF) are listed below:
Protocol  | Port | Description
----------|------|---------------------------------
nsiiops   | 261  | IIOP Name Service over TLS/SSL
https     | 443  | http protocol over TLS/SSL
ddm-ssl   | 448  | DDM-SSL
smtps     | 465  | smtp protocol over TLS/SSL
nntps     | 563  | nntp protocol over TLS/SSL
sshell    | 614  | SSLshell
ldaps     | 636  | ldap protocol over TLS/SSL
ftps-data | 989  | ftp protocol, data, over TLS/SSL
ftps      | 990  | ftp, control, over TLS/SSL
telnets   | 992  | telnet protocol over TLS/SSL
imaps     | 993  | imap4 protocol over TLS/SSL
ircs      | 994  | irc protocol over TLS/SSL
pop3s     | 995  | pop3 protocol over TLS/SSL
Note: A listing of all
IANA port assignments can currently be found at: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
I have made the tool load all of these ports into the port
text field by default.
Note: The documented attack vector for POODLE is described for HTTPS connections, and not necessarily for these other protocols. The tool checks all of these protocols to see whether your server is still accepting SSL 2.0/3.0 connections, which tells you whether the protocol is globally enabled (in Windows the Schannel registry setting affects SSL across most applications). Additional attack vectors may also be found for other protocols, so if your applications can support newer versions of TLS it is probably wise to turn off these older versions of SSL anyway.
The Wrap Up
There you have it, short and sweet! I hope the tool is useful to you and helps you take security
issues more seriously :)
Let me know if you find any bugs or have any issues.