The remote server is running an Intelligent Platform Management Interface (IPMI) server.  IPMI protocol is used to directly manage hardware via the network.  It is commonly referred to as an out-of-band protocol.  That is, it can be used to manage devices, even if the device is powered off.  IPMI is a very powerful administrative tool and should be limited to only trusted networks.  The NNM has found an SSL service which is typically used with IPMI for remote management.

The remote host has been identified as using an SSL certificate associated with a Credit Card clearing house company.  That is, it is highly likely that this host is processing credit card information.

ServerView is used for out-of-band management of computer hardware.  Given this, it is possible to remotely administer the machine, even if the device is not powered on.  ServerView gives the remote administrator full control over the hardware.

Megarac is used for out-of-band management of computer hardware.  Given this, it is possible to remotely administer the machine, even if the device is not powered on.  Megarac gives the remote administrator full control over the hardware.

 Intel Active Management is used for out-of-band management of computer hardware.  Given this, it is possible to remotely administer the machine, even if the device is not powered on.  Intel Active Management gives the remote administrator full control over the hardware.

HP LightsOut is used for out-of-band management of HP hardware.  Given this, it is possible to remotely administer the machine, even if the device is not powered on.  LightsOut gives the remote administrator full control over the hardware.

Sun LightsOut is used for out-of-band management of Sun hardware.  Given this, it is possible to remotely administer the machine, even if the device is not powered on.  LightsOut gives the remote administrator full control over the hardware.

The remote server is running an Intelligent Platform Management Interface (IPMI) server.  IPMI protocol is used to directly manage hardware via the network.  It is commonly referred to as an out-of-band protocol.  That is, it can be used to manage devices, even if the device is powered off.  IPMI is a very powerful administrative tool and should be limited to only trusted networks.

The remote host has been identified as a Dell Remote Access Controller (DRAC).  DRAC is used for out-of-band management of Dell hardware.  Given this, it is possible to remotely administer the machine, even if the device is not powered on.  DRAC gives the remote administrator full control over the hardware.

Honeywell provides products and services for a wide variety of applications including manufacturing, industrial process control, healthcare and medical, automotive and transportation, and aerospace.  The Telnet banner indicates that a Honeywell device has been detected.  

The remote host has been identified as a ComOS router or switch.  Further, the system is accepting connections to its telnet port.

The remote host has been identified as a Cisco Security Device Manager.  Further, the system is accepting connections to its telnet port.

The issuer of the SSL certificate used by this server seems to suggest that this server is part of a Puppet deployment. Puppet Enterprise network is an IT automation software that helps system administrators manage configurations across the network infrastructure.

The remove service is HP Data Protector, or HP OpenView Storage Data Protector as it was formerly known, a data management solution that automates backup and recovery

OID parsing of 1.3.6.1.2.1.1.1.0 (snmp sysDesc)

OID parsing of 1.3.6.1.2.1.25.4.2.1.2 (hsSWRunTable hsSWRunName)

The remote Cisco host has is querying the network for LWAPP services.  It is likely that the device is configured to use the LWAPP protocol and is querying the network for other LWAPP-capable devices.

The remote Cisco host is querying the network for CAPWAP services.  It is likely that the device is configured to use the CAPWAP protocol and is querying the network for other CAPWAP-capable devices.

The remote host has been identified as a CAPWAP server.  CAPWAP (Control and Provisioning of Wireless Acess Points) is a protocol used by wireless clients and servers to detect and configure nodes within the wireless network.

The remote host has been identified as a CAPWAP client.  CAPWAP (Control and Provisioning of Wireless Acess Points) is a protocol used by wireless clients and servers to detect and configure nodes within the wireless network.

The Mitsubishi GE-PON communication system is a fusion of Gigabit Ethernet (GE) and Passive Optical Network (PON) technologies and provides high-speed access circuits enabling high-capacity broadband content.  An Optical Line Terminal (OLT) is a device that provides the endpoint for the PON on the service provider's side (i.e., at the central office).  

The remote host is running the TalkSwitch VoIP Phone server.

National Instruments delivers hardware solutions for a range of applications including embedded control and monitoring, industrial control, medical, physics, and robotics.  National Instruments devices are found in several industries including automotive, electronics, aerospace, and energy.  

The remote host's Telnet banner indicates this is a Lantronix device.

The Lantronix SecureLinx Console Manager (SLC) enables remote, secure administration of servers and networking equipment.  

Lantronix, Inc., provides smart networking and communications solutions for machine-to-machine applications.  Lantronix devices are found in solutions across many industries including building automation, transportation, energy, retail, financial, medical, and information technology.  

The remote host is running a Vonage VoIP phone.  The detected information may be useful in further identifying the phone.

The remote host is running a Vonage VoIP phone.

Versions of HP Intelligent Management Center less than 5.2 E0401 are potentially affected by the following vulnerabilities :

  - A cross-site scripting vulnerability exists in the 'opentopo_symbolid' parameter of the 'topoContent.jsf' script. (CVE-2012-5200)

  - Multiple code execution vulnerabilities exist. (CVE-2012-5201, CVE-2012-5209)

  - Multiple information disclosure vulnerabilities exist. (CVE-2012-5202, CVE-2012-5203, CVE-2012-5204, CVE-2012-5205, CVE-2012-5206, CVE-2012-5207, CVE-2012-5208, CVE-2012-5212, CVE-2012-5213)

The remote host has requested new hardware metadata using Microsoft's Metadata Services.

The remote host has accessed Microsoft's Metadata Services for the first time. Microsoft's Metadata Services can be used to obtain metadata about devices plugged into a remote host.   

Moxa provides a wide range of products for industrial networking, computing, and automation.  Moxa solutions are found in many industries including rail, transportation, oil and gas, and process automation. 

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities :

  - A buffer overflow exists in the SIP SDP headers and h264 video handling. NOTE:Only Affects version less than 11.2.2 (CVE-2013-2685)

  - A denial of server exists in the HTTP POST requests with very large 'Conten-Length' header values. (CVE-2013-2686)

  - An information disclosure exists in the INVITE, SUBSCRIBE and REGISTER transactions and improper settings for the configureatio options. (CVE-2013-2264)

The remote host is running the BACnet (Building Automation and Control Networks) protocol over UDP.  This protocol is typically seen on SCADA networks and is used to control and read data from remote devices.

A Citrix client has just initiated a connection to a Citrix server.

The remote host has been observed using an SSL client certificate.

Apt allows users to perform installation of new software packages, upgrade of existing software packages and updating package list index for debian-based Linux distributions.

The remote host is running Fedora Linux (Core 3) and is using Yum to keep packages up to date.  Yum is similar to the RedHat package manager and allows remote users to download, verify, and install software and/or patches via the central Fedora servers on the Internet.

The remote host has been observed adding a new MAC address via SNMP.

NNM observed at least one authentication session originating from this client address. 

PVS observed at least one authentication session originating from this client address. 

NNM has observed a formerly undetected mDNS client respond with a list of services.

NNM has observed a formerly detected mDNS client respond with a list of services.

The remote client has issued a name query for the following resource name.

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities :

  - A stack-based buffer overflow error exists related to SIP, HTTP and XMPP handling over TCP. Note that in the case of 'Certified Asterisk', SIP is not affected. Further note that in the case of XMPP, an attacker must establish an authenticated session first. (CVE-2012-5976)

  - An error exists related to device state cache and anonymous calls that could allow system resources to be exhausted. Note this vulnerability only affects systems configured to allow anonymous calls. (CVE-2012-5977)

The remote host is running the Home Network Administration Protocol (HNAP).  This is a proprietary protocol from Cisco Systems which allows for easy remote administration of embedded devices.

The remote host has initiated an SSL connection to an external server.

ID	Name	Severity
6980	IPMI Server Detection (Certificate Email Check)	info
7083	SSL Credit Card Transaction Detection	info
6957	ServerView Server Detection	info
6956	Megarac Server Detection	info
6955	Intel Active Management Server Detection	info
6954	HP LightsOut Server Detection	info
6953	Sun LightsOut Server Detection	info
6951	IPMI Server Detection (Protocol Check)	info
6952	Dell Remote Access Controller (DRAC) Server Detection	info
6913	Honeywell Device Detection	info
6890	ComOS network equipment detection	info
6889	Cisco Security Device Manager Detection	info
6881	Puppet Labs Puppet Enterprise Server Detection	info
6875	HP Data Protector Detection	info
6873	OID parsing (deprecated)	info
6872	OID parsing	info
6864	LWAPP Protocol Detection	info
6863	CAPWAP Protocol Detection	info
6862	CAPWAP Protocol Server Detection	info
6861	CAPWAP Protocol Client Detection (DTLS)	info
6860	CAPWAP Protocol Client Detection (SSL)	info
6846	Mitsubishi Electric GE-PON OLT Detection	info
6839	TalkSwitch VoIP Server Detection	info
6799	National Instruments Device Detection	info
6892	Lantronix Device Detection	info
6786	Lantronix SecureLinx Console Manager (SLC) Detection	info
6785	Lantronix Device Detection	info
6777	Vonage VoIP phone detection	info
6776	Vonage VoIP phone detection	info
6779	HP Intelligent Management Center < 5.2 E0401 Multiple Vulnerabilities	critical
7080	Microsoft Metadata Services New Device Detection	info
7079	Microsoft Metadata Services Use Detection (deprecated)	info
6759	Moxa Device Detection	info
6750	Asterisk Multiple Vulnerabilities (AST-2013-001 / AST-2013-002 / AST-2013-003)	high
6727	BACnet Protocol Detection (deprecated)	info
6725	Citrix Client Detection	info
7077	SSL Client Certificate Detection	info
6713	Apt Updater Detection	info
2647	Fedora FC3 Yum Updates Detection (deprecated)	info
7076	MAC Address Addition via SNMP	info
6704	Detection of User Login	info
6703	Detection of User Login	info
7075	mDNS New Client Detection	info
7074	mDNS Client Detection	info
6695	mDNS Client Queries	info
6690	Asterisk Peer Multiple Vulnerabilities (AST-2012-014 / AST-2012-015)	high
8128	HNAP Protocol Detection	info
6641	DHCPv6 server detection	info
6640	DHCPv6 client detection	info
7062	SSL Client Session Detection	info

Detections

Analytics

Generic Family for Nessus Network Monitor

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

info

critical

info

info

info

high

info

info

info

info

info

info

info

info

info

info

info

high

info

info

info

info