Vulnerability/Security Scan on Virtual Service IP
Information
Summary:
Running a SecureWorks scan on the virtual service IP address returned positive results for malware.

Environment:
Product: LoadMaster
Version: 7.2.47
Platform: VMware
Application: Exchange

Question/Problem Description:
Malware was found when scanning the virtual service IP of the LoadMaster.

Steps to Reproduce:
Re-scan the VIP.

Error Message:

Defect Number:

Enhancement Number:

Cause:
Vulnerability/security scan returning positive.

Resolution:
In general, a positive result from a scan performed on a virtual service typically means that a vulnerability was triggered on the Real Server that is behind the virtual service. The virtual service simply acts as a proxy for all traffic to the Real Server, and all of the return traffic is sourced from the Real Server. It is recommended to re-run the scan directly against the IP address of the Real Server to confirm that the server returns the same results. The best way to determine whether the LoadMaster itself has possible vulnerabilities is to scan the Interface/NIC IP address directly, as this is a direct scan of the LoadMaster.

Workaround:
- Run a scan on the IP address of the Real Server
- Run a scan on the Interface/NIC IP address of the LoadMaster directly
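
Once both workaround scans have been run, each finding from the original VIP scan can be attributed by checking which direct scan reproduces it. The sketch below is an added example, not part of the original article or of any Kemp or SecureWorks tooling; the `Finding` tuple, the finding ids, the port mapping and the function names are constructed for illustration.

```python
from collections import namedtuple

# One scanner finding: the port it was reported on and the scanner's finding id.
Finding = namedtuple("Finding", "port finding_id")


def attribute_vip_findings(vip, real_server, lm_interface, port_map=None):
    """Label each VIP finding by which direct re-scan reproduces it.

    port_map maps a virtual service port to the Real Server port it forwards
    to (identity when omitted). Assumption: a finding on the LoadMaster
    interface IP is matched by id only, since its listening ports differ
    from the virtual service's.
    """
    port_map = port_map or {}
    rs_seen = set(real_server)
    lm_ids = {f.finding_id for f in lm_interface}
    result = {}
    for f in vip:
        backend = Finding(port_map.get(f.port, f.port), f.finding_id)
        on_rs = backend in rs_seen
        on_lm = f.finding_id in lm_ids
        if on_rs and on_lm:
            result[f] = "both"
        elif on_rs:
            result[f] = "real_server"      # proxied response, fix the backend
        elif on_lm:
            result[f] = "loadmaster"       # reproduced on the interface/NIC IP
        else:
            result[f] = "not_reproduced"   # re-scan or investigate further
    return result


def demo():
    # Constructed sample data: the virtual service on 443 forwards to 8443.
    vip = [Finding(443, "EXAMPLE-MALWARE-CONTENT"),
           Finding(443, "EXAMPLE-MISSING-HEADER")]
    real_server = [Finding(8443, "EXAMPLE-MALWARE-CONTENT")]
    lm_interface = []
    return attribute_vip_findings(vip, real_server, lm_interface, {443: 8443})


if __name__ == "__main__":
    for finding, source in demo().items():
        print(finding.port, finding.finding_id, "->", source)
```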