In my scan results QID 38229 - Service Stopped Responding is posted. What does this mean?
This vulnerability is posted when QualysGuard detected an open port on the target host and sent a probe to it, initially received a response, but then failed to get a response to additional probes.
There are several possible causes for this behavior:
a) The server reached its connection limit
b) The network segment is too busy and does not have the bandwidth
c) The server has a connection throttling module installed such as mod_throttle for Apache
d) A firewall or intrusion detection/prevention system detected the scan as an attack and blocked or throttled the traffic
e) The server contains a Denial of Service condition that was triggered by the scan
Since QualysGuard cannot determine whether the behavior was expected or not, this QID is posted so the administrator can investigate the state of the host and the cause of the behavior.
If it was expected as in scenarios c) or d), the vulnerability can be ignored and/or the necessary adjustments made to allow future scans.
However, if the behavior was unexpected and the scan caused a problem with the service, QualysGuard would like to investigate and resolve this issue. Please contact our support team - http://www.qualys.com/support/ for details - to open a case and provide the following information:
- IP address of the affected host
- Operating system name, version and service pack/patch level
- Affected service name, version, and patch level
- Diagram of the network between the Qualys scanner and the target host (routers, firewall, IDS, etc.)
- Description of the event and the symptoms on the affected host
- A complete copy of the scan results that caused this issue
- Server logs
Qualys Support will make every effort to reproduce the error and work with both you and the vendor to resolve any issues that might be triggered by our scan.
Qualys Support KnowledgeBase