|
Security Issues and Fixes: xxx.xxx.xxx.xxx
|
|
Type
|
Port
|
Issue and Fix
|
|
Informational
|
ftp (21/tcp)
|
ftp_bounce_scan.nes could not be executed since the remote FTP server does not allow bounce scans (which is a good thing)
CVE : CVE-1999-0017
|
|
Warning
|
netbios-ns (137/udp)
|
. The following 4 NetBIOS names have been gathered :
SYSSCAN
SYSSCAN
WORKGROUP
WORKGROUP
. The remote host has the following MAC address on its adapter :
0x00 0xb0 0xd0 0x86 0x5e 0x31
If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
|
|
Vulnerability
|
netbios-ssn (139/tcp)
|
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$
. All the smb tests will be done as ''/'' in domain
|
|
Warning
|
netbios-ssn (139/tcp)
|
The domain SID can be obtained remotely. Its value is :
WORKGROUP : 48-0-0-0-0
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139
Risk factor : Low
CVE : CVE-2000-1200
|
|
Warning
|
netbios-ssn (139/tcp)
|
The host SID can be obtained remotely. Its value is :
SYSSCAN : 5-21-73586283-789336058-1957994488
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139
Risk factor : Low
CVE : CVE-2000-1200
|
|
Informational
|
netbios-ssn (139/tcp)
|
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.1
The remote SMB Domain Name is : WORKGROUP
|
|
Informational
|
unknown (1027/tcp)
|
A DCE service is listening on xxx.xxx.xxx.xxx:1027 :
Type: ncacn_ip_udp
UUID : 7b91f80d-ff5a-11d0-a9b2-c04fb6e60000
Annotation : Messenger Service
|
|
Warning
|
unknown (135/tcp)
|
DCE services running on the remote can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
|
|
Informational
|
unknown (135/tcp)
|
The DCE Service 'wzcsvc' is running on this host
Type : ncalrpc
UUID : f706820d-511f-e80a-3007-6d740be8cee9
|
|
Informational
|
unknown (135/tcp)
|
The DCE Service 'wzcsvc' is running on this host
Type : ncalrpc
UUID : 8e52b00d-a937-cfc0-1182-2daa51e40000
|
|
Informational
|
unknown (135/tcp)
|
The DCE Service 'wzcsvc' is running on this host
Type : ncalrpc
UUID : 74ef1c0d-a40a-0641-4e83-aedc74fb1cdd
|
|
Informational
|
unknown (135/tcp)
|
The DCE Service 'wzcsvc' is running on this host
Type : ncalrpc
UUID : 7b91f80d-ff5a-11d0-a9b2-c04fb6e60000
Annotation : Messenger Service
|
|
Informational
|
unknown (135/tcp)
|
The DCE Service 'keysvc' is running on this host
Type : ncalrpc
UUID : 7b91f80d-ff5a-11d0-a9b2-c04fb6e60000
Annotation : Messenger Service
|
|
Informational
|
unknown (135/tcp)
|
The DCE Service 'trkwks' is running on this host
Type : ncalrpc
UUID : 7b91f80d-ff5a-11d0-a9b2-c04fb6e60000
Annotation : Messenger Service
|
|
Warning
|
general/icmp
|
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
|
|
Informational
|
unknown (1026/tcp)
|
A DCE service is listening on xxx.xxx.xxx.xxx:1026 :
Type: ncacn_ip_tcp
UUID : f706820d-511f-e80a-3007-6d740be8cee9
|
|
Informational
|
unknown (1026/tcp)
|
A DCE service is listening on xxx.xxx.xxx.xxx:1026 :
Type: ncacn_ip_tcp
UUID : 8e52b00d-a937-cfc0-1182-2daa51e40000
|
|
Informational
|
unknown (1026/tcp)
|
A DCE service is listening on xxx.xxx.xxx.xxx:1026 :
Type: ncacn_ip_tcp
UUID : 74ef1c0d-a40a-0641-4e83-aedc74fb1cdd
|
|
Informational
|
unknown (1026/tcp)
|
A DCE service is listening on xxx.xxx.xxx.xxx:1026 :
Type: ncacn_ip_tcp
UUID : 7b91f80d-ff5a-11d0-a9b2-c04fb6e60000
Annotation : Messenger Service
|
|
Warning
|
general/tcp
|
The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host.
An attacker may use this feature to determine if the remote host sent a packet in reply to another request. This may be used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
|
|
Informational
|
general/udp
|
For your information, here is the traceroute to xxx.xxx.xxx.xxx :
xxx.xxx.xxx.xxx
|
|
Vulnerability
|
unknown (1900/udp)
|
Microsoft Universal Plug n Play is running on this machine. This service is dangerous for many different reasons.
Solution: To disable UPNP, see http://grc.com/UnPnP/UnPnP.htm
For more information see: http://www.eEye.com
Risk factor : High
CVE : CVE-2001-0876
|
|
Warning
|
ntp (123/udp)
|
An NTP server is running on the remote host. Make sure that you are running the latest version of your NTP server, has some versions have been found out to be vulnerable to buffer overflows.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
If you happen to be vulnerable : upgrade
Solution : Upgrade
Risk factor : High
CVE : CVE-2001-0414
|