SSL POODLE Report

This report identifies hosts that allow the use of SSL v3.0 with cipher-block chaining (CBC) mode ciphers, which are vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack.

See US-CERT alert TA14-290A at: https://www.us-cert.gov/ncas/alerts/TA14-290A for more information on this vulnerability and exploit.

Statistics for these servers can be found here.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Report tag (SSL)
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • ssl_poodle
    If "Y", then the device completed an SSLv3 handshake that used CBC (Cipher-Block Chaining) CipherSuites, which is vulnerable to a POODLE attack
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires

Sample

"timestamp","ip","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","ssl_poodle","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date"
"2014-11-16 03:13:52","87.228.223.89",443,"87-223-89.netrunf.cytanet.com.cy","ssl","TLSv1.0",6866,"CY",1,"NICOSIA","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"Thomson TG585 v7","Thomson TG585 v7","Jan  1 00:00:00 2005 GMT","Dec 31 00:00:00 2024 GMT"
"2014-11-16 03:13:52","119.161.34.219",443,,"ssl","TLSv1.0",55455,"AU","NSW","NORTH RYDE","TLS_RSA_WITH_AES_128_CBC_SHA","Y",2048,"*.vmareturns.com.au","Go Daddy Secure Certification Authority","Jul  2 23:17:47 2013 GMT","Aug  1 22:28:50 2015 GMT"
"2014-11-16 03:13:52","201.212.8.219",443,"octodata2.jedy.com.ar","ssl","TLSv1.0",10481,"AR","C","BUENOS AIRES","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"iDRAC6 default certificate","iDRAC6 default certificate","Sep 17 22:47:28 2009 GMT","Sep 15 22:47:28 2019 GMT"
"2014-11-16 03:13:52","2.34.252.97",443,"net-2-34-252-97.cust.vodafonedsl.it","ssl","TLSv1.0",30722,"IT","PD","PADOVA","TLS_RSA_WITH_RC4_128_SHA","Y",2048,"*.mynet.vodafone.it","Vodafone (Secure Networks)","May 16 09:07:08 2014 GMT","May 16 09:07:08 2017 GMT"
"2014-11-16 03:13:52","86.13.183.194",443,"cpc10-colc7-2-0-cust961.7-4.cable.virginm.net","ssl","TLSv1.0",5089,"UK","ESS","COLCHESTER","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"*.device465170.wd2go.com","remotewd.com","Feb  8 22:14:03 2013 GMT","Feb  8 22:14:03 2023 GMT"
"2014-11-16 03:13:52","99.16.128.48",443,"99-16-128-48.lightspeed.crlkil.sbcglobal.net","ssl","TLSv1.0",7018,"US","IL","HINSDALE","TLS_RSA_WITH_RC4_128_SHA","Y",1024,,,"Oct 29 11:33:21 2009 GMT","Oct 29 11:33:21 2010 GMT"
"2014-11-16 03:13:52","103.11.19.76",443,"apps.moko04.com","ssl","TLSv1.2",23818,"JP",13,"TOKYO","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"apps.zlpad04.com","apps.zlpad04.com","Jun 10 11:19:19 2014 GMT","Jun 10 11:19:19 2015 GMT"
"2014-11-16 03:13:52","150.101.206.116",443,"eth885.nsw.adsl.internode.on.net","ssl","TLSv1.2",4739,"AU","NSW","SYDNEY","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"FWF40C3913009779","support","Sep 17 15:38:30 2013 GMT","Jan 19 03:14:07 2038 GMT"
"2014-11-16 03:13:52","93.200.56.232",443,"p5dc838e8.dip0.t-ipconnect.de","ssl","TLSv1.0",3320,"DE","NW","COLOGNE","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"FirstCleanKoeln.homelinux.org","FirstCleanKoeln.homelinux.org","Jan  1 00:00:20 2000 GMT","Mar 18 00:00:20 2015 GMT"
"2014-11-16 03:13:52","99.66.112.150",443,"99-66-112-150.lightspeed.cicril.sbcglobal.net","ssl","TLSv1.0",7018,"US","IL","LINCOLNWOOD","TLS_RSA_WITH_RC4_128_SHA","Y",1024,,,"Oct 29 11:33:21 2009 GMT","Oct 29 11:33:21 2010 GMT"
"2014-11-16 03:13:52","188.66.80.115",443,"mail.ccsltd.co.uk","ssl","TLSv1.0",31655,"UK","BEN","WEMBLEY","TLS_RSA_WITH_AES_128_CBC_SHA","Y",2048,"remote.ccsukltd.co.uk","RapidSSL CA","Jan  6 05:14:19 2013 GMT","Feb  8 10:31:47 2015 GMT"

Our 73 Report Types