DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

PCI Scan Results

27 Jul 2018 15:19 #1 by notoriousbig
PCI Scan Results was created by notoriousbig
Hello,

A recent PCI scan against the external IP address of my Draytek 2860n router has produced the following results. Could someone please assist me in resolving them?

1. SSL/TLS server supports short block sizes (SWEET32 attack).

2. H323 service may be vulnerable to buffer overflow.

3. Server is susceptible to SSL POODLE attack. (Draytek released a notification some time ago stating that their hardware was not susceptible to such attacks, but to ensure that the most up to date firmware was applied, especially for older hardware.) So I find this threat being raised to be strange.

4. Server supports SSLv3 protocol.

5. SSL/TLS server supports RC4 ciphers.

6. Server supports TLS 1.0 protocol.

7. Apache server 413 error page cross-site scripting.

The takeaways are that the firmware upon the router is the latest 3.8.9.1 & SSLv3 is not enabled anywhere upon the router. Port forwarding is also not enabled upon the router, so the results are not on the back of internal LAN devices being scanned. The results are purely against the router itself.

Many thanks in advance

Notorious....

27 Jul 2018 19:43 #2 by x64
Replied by x64 on topic Re: PCI Scan Results
I have a V2862 and am offering advice from what I can see in the configuration options on that - apologies if the advice is not relevant to your router. I've not tried the settings I mention below, but they are what I'd try in your situation.

Other than the options in the GUI, I can't offer advice on disabling the specific ciphers or protocols; however, if you are not using certain features of the router, it might be possible to remove the binding to port 443 on the router, thereby sidestepping the issue.

Do you require/use/have enabled remote web-based administration for the router, or do you require/use/have enabled SSL VPN or OpenVPN based VPN? I'm thinking if you do not need either of these, then you could attempt to unbind them from your WAN interface(s).

Settings for that would be found at:
System Maintenance / Management / Internet access control and the TLS/SSL encryption setup sections.
SSL VPN / General Setup / Bind to Wan - tick a WAN interface that is not in use, untick others.
VPN and Remote access / Remote Access Control / Untick SSL VPN and OpenVPN enablement

I hope that gets you over the issue. If you need either of the services I mentioned, then I'd suggest engaging support :(

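Whichever route is taken (unbinding the services from the WAN as suggested above, or a firmware fix from support), the scan findings from post #1 can be re-checked from outside before paying for another PCI scan. The script below is an added example, not DrayTek's code or anything from the posters: it makes one deliberately restricted TLS handshake per finding (SSLv3 only, TLS 1.0 only, RC4 only, 3DES only) against the router's WAN address and reports which findings are still open. ROUTER_IP is a placeholder to replace; a probe the local OpenSSL build cannot even offer (modern builds drop SSLv3 and RC4) is reported as inconclusive rather than as fixed.

```python
import socket
import ssl

ROUTER_IP = "203.0.113.1"  # placeholder (TEST-NET-3); put the router's WAN address here
PORT = 443                 # the HTTPS port the scan reported against

# finding -> (min protocol, max protocol, OpenSSL cipher list) the probe is restricted to;
# if the router still completes that handshake, the finding is still open.
PROBES = {
    "Server supports SSLv3 protocol": ("SSLv3", "SSLv3", "ALL:@SECLEVEL=0"),
    "Server supports TLS 1.0 protocol": ("TLSv1", "TLSv1", "ALL:@SECLEVEL=0"),
    "SSL/TLS server supports RC4 ciphers": ("TLSv1", "TLSv1_2", "RC4:@SECLEVEL=0"),
    "SWEET32 (64-bit block ciphers, 3DES)": ("TLSv1", "TLSv1_2", "3DES:@SECLEVEL=0"),
}


def offered(host, port, min_ver, max_ver, ciphers, timeout=5.0):
    """True if the server completes a handshake restricted to this weak protocol/cipher
    set, False if it refuses (or nothing is listening on the port at all),
    None if the local OpenSSL build cannot even offer it (inconclusive)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # routers usually present self-signed certificates
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = getattr(ssl.TLSVersion, min_ver)
        ctx.maximum_version = getattr(ssl.TLSVersion, max_ver)
        ctx.set_ciphers(ciphers)
    except (ValueError, ssl.SSLError):
        return None              # e.g. SSLv3 or RC4 compiled out of the local OpenSSL
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLError as err:
        # OpenSSL refusing to start a handshake it cannot speak is not a server refusal
        return None if err.reason == "NO_PROTOCOLS_AVAILABLE" else False
    except OSError:
        return False             # refused or timed out: port not bound on the WAN side


def findings_from_results(results):
    """Split probe outcomes into findings still open and probes that were inconclusive."""
    still_open = sorted(name for name, hit in results.items() if hit is True)
    inconclusive = sorted(name for name, hit in results.items() if hit is None)
    return still_open, inconclusive


def recheck(host=ROUTER_IP, port=PORT):
    return findings_from_results({n: offered(host, port, *cfg) for n, cfg in PROBES.items()})


if __name__ == "__main__":
    open_findings, inconclusive = recheck()
    print("still open:", open_findings or "none")
    print("inconclusive (re-run from a host with a legacy OpenSSL build):", inconclusive or "none")
```

Run it from a machine outside the LAN, since the findings are about what the WAN interface offers, not what the LAN side does.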

27 Jul 2018 22:34 #3 by notoriousbig
Replied by notoriousbig on topic Re: PCI Scan Results
Hello

SSL VPN is used for remote management of the router. I will log a support ticket with Draytek.

Thanks.....
