The Ripple20 vulnerabilities identified by JSOF impact millions of devices running the Treck operating system, many of which have not and will not receive updates. Finding exposed devices can be tricky since many of the device types (battery backups, printers, etc) are often excluded from normal vulnerability scans, sometimes automatically. Fortunately, Rumble’s scan engine is safe to use with embedded devices of all types and already collects enough information to identify many affected systems.
To support this effort, we have added two new entries to the Query Library:
These queries use the IP TTL differences between the ICMP and TCP replies as well as a specific HTTP server banner to find Treck OS devices.
Please note that the IP TTL query may include false positives as quite a few firewalls along with a handful of non-Treck devices exhibit the same behavior.
If you haven’t had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!
May 4, 2020
Rumble 1.7.0: Reporting, Fingerprints, and More!
Overview # Version 1.7.0 of Rumble Network Discovery is live with big updates to reporting. The Analysis Reports introduced in version 1.6.2 are now joined by a new Subnet Grid Report, linked off the main Subnets Report under the Explore menu. The Query Library has been …Read More
April 7, 2020
Rumble 1.6.0: Search Updates, New Fingerprints, and More!
Overview # Version 1.6.0 of Rumble Network Discovery is live with support for configurable scan grace periods, data retention policies, additional protocol support, enhanced fingerprint coverage, new search keywords, and much more. Scan Grace Periods # Starting with the …Read More
March 4, 2020
Rumble 1.5.0: Scanning Wider and Searching Deeper
Scanning & Searching # Version 1.5.0 of Rumble Network Discovery is live with updates in two major areas; wider scanning, through improved protocol support, scan engine enhancements, and more comprehensive decoders; and deeper searching, with the addition of a dozen new …Read More
Subscribe and stay in the loop!
We won't share your email.
Unsubscribe at any time.