Tweet
PCI Compliance for Passive FTP Ports
I am facing a problem with Controlscan showing I am not compliant for ports open in the firewall for passive FTP.
Information From Target:
Service: 37557:TCP
Server accepted SSL 3.0 RC4 cipher: SSL3_CK_RSA_RC4_128_MD5
Information From Target:
Service: 51838:TCP
Supported ciphers: DES-CBC-SHA:TLSv1/SSLv3:56-bit RC4-MD5:TLSv1/SSLv3:128-bit RC4-SHA:TLSv1/SSLv3:128-bit
These ports are open in for my passive FTP range, which is 36000:55000.
However, my ftp is set to HIGH:!TLSv1:!SSLv2:!SSLv3:!ADH:!aNULL:!eNULL:!NULL
So, what is responding in this range that isn't Passive FTP, but uses TLSv1 and SSLv3
Information From Target:
Service: 37557:TCP
Server accepted SSL 3.0 RC4 cipher: SSL3_CK_RSA_RC4_128_MD5
Information From Target:
Service: 51838:TCP
Supported ciphers: DES-CBC-SHA:TLSv1/SSLv3:56-bit RC4-MD5:TLSv1/SSLv3:128-bit RC4-SHA:TLSv1/SSLv3:128-bit
These ports are open in for my passive FTP range, which is 36000:55000.
However, my ftp is set to HIGH:!TLSv1:!SSLv2:!SSLv3:!ADH:!aNULL:!eNULL:!NULL
So, what is responding in this range that isn't Passive FTP, but uses TLSv1 and SSLv3
Comment