IP address details
From an IP address's details page, you can view details about the vulnerabilities and ports we identified for a specific IP address. To access the page, go to the IP addresses page and select an IP address from the IP address table.
IP address overview
At the top of the page, you can view details about the IP address such as the primary network it belongs to, its origin, and the autonomous system number (ASN) for the origin.
An origin is an organization that holds the rights to an IP address and connects it to the internet.
IP address overview fields
Name | Description |
---|---|
IP address | IP address associated with the details on the page. |
RDNS | Domain name for the IP address identified from a reverse DNS (RDNS) lookup. RDNS uses an IP address to identify a domain name. |
ASN | Unique identifier associated with the organization that holds the rights to the IP address and connects it to the internet. Regional internet registries (RIRs) assign identifiers to the networks of large organizations. |
Primary network | Network with the longest prefix match that the IP address belongs to. |
Port count | Number of open ports identified for the IP address, including ports in the system, registered, and private ranges. |
Service count | Number of service, product, and version combinations on open ports. If there are multiple instances of a combination running on multiple ports, we only count the combination once. For example, if there are two instances of http, Apache httpd, 2.0.0, we only count the combination once. |
Vulnerability instance count | Number of vulnerability instances found for the IP address. An instance is a vulnerability with a CVE number related to a service, product, and version combination on an open port. If there are multiple instances of a combination running on multiple ports, we count the vulnerabilities for each port as an instance. For details, see Vulnerability instances. |
IP address tags | Reasons the IP address is potentially vulnerable. For details, see Tags. |
Vulnerabilities for IP address
The Vulnerabilities for IP address table includes the vulnerabilities for the services running on the IP address' open ports. For each vulnerability, you can view the CVE number, CVSS score, port, service type, and service product version. To access the table, select Vulnerabilities.
Use the information to review the vulnerabilities for services running on an IP address, such as if you notice a large number of vulnerabilities listed on the IP addresses page.
Columns and filters
-
To add or remove information in the table, select Columns and choose the columns to view.
-
To view and manage IP addresses that meet specific criteria, such as those running a specific service, select Filters and then select how to narrow the data.
Name | Description |
---|---|
CVE | Common Vulnerabilities and Exposures (CVE) number for a cybersecurity flaw found for a service, product, and version combination that the IP address runs on the port. |
Vulnerability intel tags | Types of threats associated with the vulnerability. For details, see Tags. |
Port | Port running the service, product, and version combination associated with the vulnerability. |
Service | Name of the service associated with the vulnerability. |
Product | Name of the product associated with the vulnerability. |
Version | Version of the product associated with the vulnerability. |
Organization | Filter for finding vulnerabilities for the IP address associated with an organization from your hierarchy. |
Ports for IP address
The Ports for IP address table includes the open ports on the host device associated with the IP address. It also lists the service running on each port, the product name and version number, and the number of vulnerabilities. To access the table, select Ports.
Use the information to verify the correct ports are open for an IP address, such as if you notice a large number of ports listed on the IP addresses page.
When we can't determine the service that's running on an open port, the value in the Ports column from the IP address table won't match the number of ports listed in the Ports for IP address table.
For information about table options, see Tables.
Columns and filters
-
To add or remove information in the table, select Columns and choose the columns to view.
-
To view and manage IP addresses that meet specific criteria, such as those running on a specific port, select Filters and then select how to narrow the data.
Name | Description |
---|---|
Port | Port running a service, product, and version combination. Select the port number to open the port's details page. For more information, see Port details. |
Service | Name of the service running on the port. |
Product | Name of the product running on the port. |
Version | Version of the product running on the port. |
Vulnerability instance count | Number of vulnerability instances found for the port. An instance is a vulnerability with a CVE number identified for the service, product, and version combination that the IP address runs on the port. For details, see Vulnerability instances. |
Service tags | Reasons the service is potentially vulnerable. For details, see Tags. |
Port range | Whether the port is in the system, registered, or private port category. |
Organization | Filter for finding ports for the IP address associated with an organization from your hierarchy. |
Domains for IP address
The Domains for IP address table includes the domain names we matched to the IP address using forward DNS lookup (FDNS), and for which no corresponding reverse DNS (RDNS) records were found. To access the table, select Domains.
Use the information to confirm that the domains match your organization’s registration information for the IP address.