You may have heard of the recently-discovered/-published TLStorm vulnerability that affects – at least – APC SmartUPS devices.
One of the prime issues highlighted is the embedded nanoSSL library that APC has used on these systems.
If you want to find out if your system is affected, the following nmap
except should start you towards a solution:
for octet in {30..39}; do (nmap -A -T4 192.168.0.$octet > nmap-192.168.0.$octet.out &) ; done
This will kick-off nmap
to run in parallel. When they all finish (you can monitor how many are running using ps aux | grep nmap
), you can then process the files rapidly thusly:
grep -i nano nmap*.out
If nanoSSL has been found, you’ll get a listing of all IPs running it (since you cleverly named your files with the IP in the name).
The mitigations you choose to implement have been explained well in the articles linked above, but finding these systems can be a pain.
Hope this helps someone 🙂