Results for Microsoft Windows NT 4 Server Service Pack 6a


In this scan, we added Service Pack 6a to our existing install of NT 4 Server. Service Pack 6a added a significant improvement that we did not see with Solaris 8. Nessus reported the following:

Nessus Scan Report


--------------------------------------------------------------------------------

Number of hosts which were alive during the test : 1
Number of security holes found : 1
Number of security warnings found : 4
Number of security notes found : 2

List of the tested hosts :

10.10.10.20(Security holes found)

--------------------------------------------------------------------------------

10.10.10.20 :

List of open ports :

unknown (135/tcp)
netbios-ssn (139/tcp) (Security hole found)
general/tcp (Security warnings found)
netbios-ns (137/udp) (Security warnings found)
general/udp (Security notes found)

Vulnerability found on port netbios-ssn (139/tcp)


. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access


. All the smb tests will be done as ''/''


Warning found on port netbios-ssn (139/tcp)

Here is the browse list of the remote host :

TEST -


This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for

Solution : filter incoming traffic to this port
Risk factor : Low


Warning found on port netbios-ssn (139/tcp)

The host SID can be obtained remotely. Its value is :

TEST : 5-21-2118149473-67985344-1594628879

An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139
Risk factor : Low


Warning found on port general/tcp


The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.

An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.

Solution : Contact your vendor for a patch
Risk factor : Low


Information found on port general/tcp

Nmap found that this host is running Windows NT4 / Win95 / Win98


Warning found on port netbios-ns (137/udp)

. The following 8 NetBIOS names have been gathered :
TEST
TEST = This is the computer name registered for workstation services by a WINS client.
WORKGROUP = Workgroup / Domain name
TEST = Computer name that is registered for the messenger service on a computer that is a WINS client.
WORKGROUP = Workgroup / Domain name (part of the Browser elections)
ADMINISTRATOR = Computer name that is registered for the messenger service on a computer that is a WINS client.
WORKGROUP
__MSBROWSE__
. The remote host has the following MAC address on its adapter :
0x00 0xb0 0xd0 0xe6 0xc4 0x01

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium


Information found on port general/udp

For your information, here is the traceroute to 10.10.10.20 :
10.10.10.20

All images, content & text (unless other ownership applies) are © copyrighted 2002, Infosecwriters.com. All rights reserved. Comments are property of the respective posters.