Network Vulnerability Assessment Report
18.12.2003
Sorted by host names

Session name: zywall-30w
Start Time: 17.12.2003 17:27:29
Finish Time: 17.12.2003 18:34:51
Elapsed: 0 day(s) 01:07:21
Total records generated: 25
high severity: 1
low severity: 16
informational: 8


Summary of scanned hosts

Host          Holes   Warnings   Open ports   State
172.16.0.1    1       16         8            Finished


172.16.0.1

Service    Severity    Description
unknown (1900/udp)
Info
Port is open
ftp (21/tcp)
Info
Port is open
ssh (22/tcp)
Info
Port is open
telnet (23/tcp)
Info
Port is open
http (80/tcp)
Info
Port is open
snmp (161/udp)
Info
Port is open
https (443/tcp)
Info
Port is open
snmp (161/tcp)
Info
Port is open
general/tcp
High

The remote host has predictable TCP sequence numbers.

An attacker may use this flaw to establish spoofed TCP
connections to this host.

Solution : If the remote host is running Windows, see
http://www.microsoft.com/technet/security/bulletin/ms99-046.asp

Risk factor : High
CVE : CVE-1999-0077
ftp (21/tcp)
Low
An FTP server is running on this port.
Here is its banner :
220 FTP version 1.0 ready at Sat Jan 01 21:10:03 2000

telnet (23/tcp)
Low
An unknown service is running on this port.
It is usually reserved for Telnet
snmp (161/tcp)
Low
snmpwalk could get the open port list with the community name 'public'
ssh (22/tcp)
Low
An unknown service is running on this port.
It is usually reserved for SSH
http (80/tcp)
Low
An unknown service is running on this port.
It is usually reserved for HTTP
ftp (21/tcp)
Low
Remote FTP server banner :
220 FTP version 1.0 ready at Sat Jan 01 21:10:03 2000

ssh (22/tcp)
Low
An SSH server seems to be running on this port
general/tcp
Low
Remote OS guess : Netopia R3100-I DSL Router Firmware version v4.7.2

CVE : CAN-1999-0454
ssh (22/tcp)
Low
Remote SSH version : SSH-1.5-1.0.0


ssh (22/tcp)
Low

You are running SSH protocol version 1.5.

This version allows a remote attacker to decrypt and/or alter traffic via
an attack on PKCS#1 version 1.5 known as a Bleichenbacher attack.
OpenSSH up to version 2.3.0, AppGate, and SSH Communications
Security ssh-1 up to version 1.2.31 have the vulnerability present,
although it may not be exploitable due to configurations.

Solution :
A patch and a new version are available from SSH/OpenSSH.

Risk factor : Low
CVE : CVE-2001-0361
BID : 2344
ssh (22/tcp)
Low

You are running a version of SSH which is
older than (or as old as) version 1.2.27.

If you compiled ssh with kerberos support,
then an attacker may eavesdrop on your users'
kerberos tickets, as sshd will set
the environment variable KRB5CCNAME to
'none', so kerberos tickets will be stored
in the current working directory of the
user, as 'none'.

If you have nfs/smb shared disks, then an attacker
may eavesdrop on the kerberos tickets of your
users using this flaw.

*** If you are not using kerberos, then
*** ignore this warning.

Risk factor : Serious
Solution : use ssh 1.2.28 or newer
CVE : CVE-2000-0575
BID : 1426
http (80/tcp)
Low
The remote web server type is :

RomPager/4.07 UPnP/1.0


Solution : We recommend that you configure (if possible) your web server to return
a bogus Server header in order to not leak information.

https (443/tcp)
Low
An unknown service is running on this port.
It is usually reserved for HTTPS
general/udp
Low
For your information, here is the traceroute to 172.16.0.1 :
172.16.0.1

ssh (22/tcp)
Low

You are running SSH Communications Security SSH 1.2.30, or previous.

This version does not log repeated login attempts, which
could allow remote attackers to compromise accounts
without detection via a brute force attack.

Solution :
A patch and a new version are available from SSH.

Risk factor : High
CVE : CAN-2001-0471
BID : 2345
telnet (23/tcp)
Low
Remote telnet banner :


Password: