Network Vulnerability Assessment Report
16.12.2005
Sorted by host names

Session name: ZyWALL70
Start Time: 16.12.2005 16:42:09
Finish Time: 16.12.2005 16:47:33
Elapsed: 0 day(s) 00:05:23
Total records generated: 30
High severity: 3
Medium severity: 5
Informational: 22


Summary of scanned hosts

Host        Holes  Warnings  Open ports  State
10.0.0.60   3      5         8           Finished


10.0.0.60

Service / Severity / Description
ftp (21/tcp)
Info
Port is open
telnet (23/tcp)
Info
Port is open
www (80/tcp)
Info
Port is open
https (443/tcp)
Info
Port is open
ssh (22/tcp)
Info
Port is open
snmp (161/tcp)
Info
Port is open
domain (53/udp)
Info
Port is open
snmp (161/udp)
Info
Port is open
snmp (161/udp)
High

SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
Other references : IAVA:2001-B-0001
snmp (161/tcp)
High

Using SNMP, it was possible to determine the login/password pair of what
is likely to be the remote ADSL connection : 'A'/'A'

Solution : Filter incoming traffic to this port, and change your SNMP community name to a secret one
Risk factor : High
BID : 7212
general/tcp
High

The remote host has predictable TCP sequence numbers.

An attacker may use this flaw to establish spoofed TCP
connections to this host.

Solution : Contact your vendor for a patch
Risk factor : High
CVE : CVE-1999-0077
BID : 107, 10881, 670
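The predictable-ISN finding above is made by sampling several initial sequence numbers from back-to-back connections and looking at how the increments behave. The following is an added example, not output of the scanner or code from the report: it computes the increment statistics (differences modulo 2^32, their GCD and standard deviation, and an 8*log2(stddev) index on the same scale nmap uses for its ISN difficulty figure) and shows what an attacker would actually need, a guess for the next ISN plus the window to try around it. The class labels and the index cut-off of 150 are my own illustrative choices, and the sample ISNs are constructed, not captured from the scanned device.

```python
import math
import statistics

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap


def isn_deltas(isns):
    """Increments between consecutive ISNs, reduced mod 2^32 because the space wraps."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def isn_stats(isns):
    """Return (deltas, gcd of deltas, standard deviation, predictability index).

    The index is 8*log2(stddev), the scaling nmap uses for its ISN 'difficulty' number.
    """
    if len(isns) < 4:
        raise ValueError("need at least 4 samples")
    deltas = isn_deltas(isns)
    gcd = 0
    for d in deltas:
        gcd = math.gcd(gcd, d)
    sd = statistics.pstdev(deltas)
    index = 0 if sd < 1 else int(math.log2(sd) * 8 + 0.5)
    return deltas, gcd, sd, index


def classify_isns(isns):
    """Coarse label for the generator behind the samples.

    The cut-off of 150 is an illustrative assumption, not a published scale.
    """
    deltas, gcd, sd, index = isn_stats(isns)
    if all(d == 0 for d in deltas):
        return "constant", index
    if sd == 0:
        return f"fixed increment of {deltas[0]}", index
    if gcd > 1 and index < 150:
        return f"multiples of {gcd}", index  # e.g. the old 64000-per-connection schemes
    if index < 150:
        return "weakly random", index
    return "random", index


def predict_next(isns):
    """Attacker's view: the guess for the next ISN and the +/- window to spray around it.

    A spoofed connection (the attack in the finding above) only works if the real
    ISN lands inside the window the attacker can afford to try.
    """
    deltas, _, sd, _ = isn_stats(isns)
    guess = (isns[-1] + round(statistics.fmean(deltas))) % MOD
    return guess, int(2 * sd)


def sample_isns():
    """Constructed samples (not captured traffic): one fixed-increment and one random-looking generator."""
    return {
        "fixed": [1000, 65000, 129000, 193000, 257000],
        "random": [0x1A2B3C4D, 0x9F8E7D6C, 0x3456789A, 0xDEADBEEF, 0x0BADF00D, 0x7E57AB1E],
    }


if __name__ == "__main__":
    for label, isns in sample_isns().items():
        cls, idx = classify_isns(isns)
        guess, window = predict_next(isns)
        print(f"{label}: class={cls} index={idx} next~{guess:#010x} +/-{window}")
```

To run this against a real host, collect the ISNs yourself (for example from the SYN/ACKs of several quick connections) and pass them in; the device's own sampling is not reproduced here. A window of zero means the next ISN is known exactly, which is the condition the "spoofed TCP connections" wording above describes.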
snmp (161/udp)
Medium
It was possible to obtain the list of Lanman services of the
remote host via SNMP :

.

An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
snmp (161/udp)
Medium
It was possible to obtain the list of SMB users of the
remote host via SNMP :

.

An attacker may use this information to set up brute force
attacks or find an unused account.

Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
snmp (161/udp)
Medium
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :

.

An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
CVE : CAN-1999-0499
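The three SNMP findings above (the 'public' community answering, the ADSL credentials readable over SNMP, and the Lanman service/user/share tables) all come down to two operations: a GetRequest that tests whether a community name is accepted, and a GetNext walk down a subtree. The following is an added example, not the scanner's code or anything from ZyXEL: a dependency-free SNMPv1 encoder/decoder (BER as in RFC 1155/1157) with a default-community probe and a subtree walk. The LanMgr-Mib-II column OIDs are the standard ones behind the findings; the `transmit` callback is an assumption of this example so that the logic can be exercised offline against a fake agent, and `udp_transmit` is the live-target version.

```python
import socket

# BER tags and PDU types used by SNMPv1 (RFC 1155 / RFC 1157)
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE = 0xA0, 0xA1, 0xA2
SYS_DESCR = "1.3.6.1.2.1.1.1.0"
# LanMgr-Mib-II columns behind the "Lanman services/users/shares" findings
LANMAN = {"services": "1.3.6.1.4.1.77.1.2.3.1.1",
          "users": "1.3.6.1.4.1.77.1.2.25.1.1",
          "shares": "1.3.6.1.4.1.77.1.2.27.1.1"}

def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(size)]) + size + body

def enc_int(v):  # non-negative INTEGER, minimal two's-complement length
    return tlv(INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit = continuation, most significant group first
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(OID, bytes(body))

def build_pdu(pdu_type, community, oid, request_id, value=None):
    """SNMPv1 message with one varbind; value=None sends NULL (a request), str sends OCTET STRING."""
    val = tlv(NULL, b"") if value is None else tlv(OCTET_STRING, value.encode())
    varbinds = tlv(SEQUENCE, tlv(SEQUENCE, enc_oid(oid) + val))
    pdu = tlv(pdu_type, enc_int(request_id) + enc_int(0) + enc_int(0) + varbinds)
    return tlv(SEQUENCE, enc_int(0) + tlv(OCTET_STRING, community.encode()) + pdu)

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_message(packet):
    """Decode any SNMPv1 message -> (community, pdu_type, request_id, error_status, [(oid, value)])."""
    _, msg, _ = read_tlv(packet)
    pos = read_tlv(msg)[2]                       # version INTEGER (0 = SNMPv1)
    _, community, pos = read_tlv(msg, pos)
    pdu_type, pdu, _ = read_tlv(msg, pos)
    fields, pos = [], 0
    for _ in range(3):                           # request-id, error-status, error-index
        _, body, pos = read_tlv(pdu, pos)
        fields.append(int.from_bytes(body, "big", signed=True))
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid_body, p = read_tlv(vb)
        vtag, vbody, _ = read_tlv(vb, p)
        if vtag == OCTET_STRING:
            value = vbody.decode("ascii", "replace")
        elif vtag == INTEGER:
            value = int.from_bytes(vbody, "big", signed=True)
        else:
            value = vbody                        # NULL, Counter, TimeTicks ... left raw
        varbinds.append((dec_oid(oid_body), value))
    return community.decode("ascii", "replace"), pdu_type, fields[0], fields[1], varbinds

def find_communities(transmit, candidates=("public", "private")):
    """Which candidate community names does the agent answer to? transmit(packet) -> bytes or None."""
    found = []
    for i, community in enumerate(candidates, 1):
        resp = transmit(build_pdu(GET_REQUEST, community, SYS_DESCR, i))
        if resp is None:
            continue
        _, ptype, rid, err, vbs = parse_message(resp)
        if ptype == GET_RESPONSE and rid == i and err == 0 and vbs:
            found.append((community, vbs[0][1]))
    return found

def walk(transmit, community, base_oid, limit=256):
    """GetNext-walk one subtree (e.g. a LanMgr table) until the returned OID leaves it."""
    rows, oid = [], base_oid
    for i in range(1, limit + 1):
        resp = transmit(build_pdu(GET_NEXT_REQUEST, community, oid, i))
        if resp is None:
            break
        _, ptype, rid, err, vbs = parse_message(resp)
        if ptype != GET_RESPONSE or rid != i or err != 0 or not vbs:
            break
        oid, value = vbs[0]
        if not oid.startswith(base_oid + "."):
            break
        rows.append((oid, value))
    return rows

def udp_transmit(host, port=161, timeout=2.0):
    """transmit() for a live agent: one datagram out, one reply back (None on timeout)."""
    def transmit(packet):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(packet, (host, port))
            try:
                return s.recv(4096)
            except socket.timeout:
                return None
    return transmit
```

Against a live device: `t = udp_transmit("10.0.0.60")`, then `find_communities(t)` to reproduce the 'public' finding and `walk(t, "public", LANMAN["users"])` for the SMB user list; the empty "." lists in the findings above correspond to a walk whose first GetNext already returns an OID outside the table. SNMPv1 carries the community name in clear text, so anyone who can sniff a management session learns it; that is why the solution is to filter port 161 and change the community, not just to rename it.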
ssh (22/tcp)
Medium

The remote SSH daemon accepts connections made
using version 1.33 and/or 1.5 of the SSH protocol.

These protocol versions have known cryptographic weaknesses
and should not be used.

Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's server, set the option 'Ssh1Compatibility' to 'no'

Risk factor : Low
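A scanner decides the SSH-1 finding above from the server's identification string, which is sent before any key exchange: `SSH-1.5-...` means protocol 1 only, `SSH-2.0-...` protocol 2 only, and `SSH-1.99-...` is the convention for a server that still accepts both. The following added example (not the scanner's code) parses that string and grabs it from a live port; the sample banners in the test are constructed.

```python
import re
import socket

# "SSH-protoversion-softwareversion[ comments]" (RFC 4253 section 4.2, same shape for SSH1)
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")


def protocols_from_banner(banner):
    """Return ({major protocol versions offered}, software string).

    1.99 is the compatibility marker meaning "2.0, but 1.x also accepted".
    """
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if major == 1 and minor == 99:
        return {1, 2}, software
    return {major}, software


def offers_protocol_1(banner):
    """True when the finding above would fire for this banner."""
    versions, _ = protocols_from_banner(banner)
    return 1 in versions


def read_banner(host, port=22, timeout=5.0):
    """Read lines until the identification string arrives (servers may send other text first)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for _ in range(10):
            line = f.readline(255).decode("ascii", "replace").strip()
            if line.startswith("SSH-"):
                return line
    raise ValueError("no SSH identification string received")


if __name__ == "__main__":
    import sys
    banner = read_banner(sys.argv[1]) if len(sys.argv) > 1 else "SSH-1.99-OpenSSH_3.9p1"
    print(banner, "-> protocol 1 offered:", offers_protocol_1(banner))
```

After applying the 'Protocol 2' fix the banner should change from `SSH-1.99-` to `SSH-2.0-`; re-running the check is the quickest way to confirm the setting actually took effect on the device.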
domain (53/udp)
Medium

The remote name server allows recursive queries to be performed
by the host running nessusd.

If this is your internal nameserver, this warning can be ignored.

If you are probing a remote nameserver, then it allows anyone
to use it to resolve third-party names (such as www.nessus.org).
This lets an attacker mount cache-poisoning attacks against this
nameserver.

If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.

See also : http://www.cert.org/advisories/CA-1997-22.html

Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf

If you are using another name server, consult its documentation.

Risk factor : High
CVE : CVE-1999-0024
BID : 136, 678
general/tcp
Info
10.0.0.60 resolves as Zy0013491DD85E.ixbt.lab.
snmp (161/udp)
Info
Using SNMP, we could determine that the remote operating system is :
ZyWALL 70
domain (53/udp)
Info

A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
https (443/tcp)
Info
A web server is running on this port through SSL
ftp (21/tcp)
Info
An FTP server is running on this port.
Here is its banner :
220 FTP version 1.0 ready at Fri Dec 16 19:49:15 2005

domain (53/udp)
Info
The remote DNS server answers queries for third-party domains that do
not have the recursion-desired (RD) bit set.

This may allow a remote attacker to determine which domains have recently
been resolved via this name server, and therefore which hosts have been
recently visited.

For instance, if an attacker were interested in whether your company uses
the online services of a particular financial institution, they would
be able to use this attack to build a statistical model of the
company's usage of that financial institution. Of course,
the attack can also be used to find B2B partners, web-surfing patterns,
external mail servers, and more.

For a much more detailed discussion of the potential risks of allowing
DNS cache information to be queried anonymously, please see:
http://community.sidestep.pt/~luis/DNS-Cache-Snooping/DNS_Cache_Snooping_1.1.pdf

Risk factor : Low
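The two DNS findings (open recursion, above, and cache snooping, just above) are the same probe with one bit flipped: a query for a name the server is not authoritative for, sent with the recursion-desired bit set (does it recurse for us?) or cleared (does it answer anyway, i.e. from cache?). The following added example, not the scanner's code, builds those queries, parses the reply header and answer section, and classifies the result; `sample_response` constructs replies so the parser can run offline, and `probe` is the live version against a server you are allowed to test.

```python
import os
import socket
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, rd, txid=None):
    """A-record query; rd=True sets Recursion Desired (0x0100), rd=False is the snooping probe."""
    txid = int.from_bytes(os.urandom(2), "big") if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(msg, pos):
    """Read a possibly compressed name; return (name, position after it in the original stream)."""
    labels, end = [], None
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                    # compression pointer
            end = end if end is not None else pos + 2
            pos = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (pos if end is None else end)


def parse_response(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        _, pos = decode_name(msg, pos)
        pos += 4                                     # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, pos = decode_name(msg, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": answers}


def classify(query_rd, resp):
    """Interpret a reply to a query for a name the server is not authoritative for."""
    if query_rd:
        if resp["ra"] and resp["rcode"] == 0 and resp["answers"]:
            return "open-recursion"
        return "recursion-refused"
    if resp["rcode"] == 0 and resp["answers"]:
        return "cached"                              # answered without recursing: it was in cache
    return "not-cached"


def probe(server, name, rd, timeout=3.0):
    """Send one query and classify the reply (live use; not exercised offline)."""
    q = build_query(name, rd)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp = parse_response(s.recv(4096))
    if resp["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("transaction id mismatch")
    return classify(rd, resp), resp


def sample_response(txid, rd, ra, rcode, answer_ip=None, name="www.nessus.org"):
    """Constructed reply (not captured traffic) so the parser can be exercised offline."""
    flags = 0x8000 | (0x0100 if rd else 0) | (0x0080 if ra else 0) | rcode
    msg = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    if answer_ip:                                    # owner name as a pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, 4)
        msg += bytes(int(o) for o in answer_ip.split("."))
    return msg
```

Two caveats when reading results: a "not-cached" reply to the RD=0 probe may also be a referral (authority section only, which this parser ignores), and a snooping run should use names the server has no reason to hold itself, otherwise an authoritative answer is mistaken for a cache hit. After restricting recursion with `allow-recursion` as described above, the RD=1 probe from an outside address should come back "recursion-refused" (RA clear, typically RCODE 5).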
general/udp
Info
For your information, here is the traceroute to 10.0.0.60 :
10.0.0.59
10.0.0.60

www (80/tcp)
Info
A web server is running on this port
telnet (23/tcp)
Info
A telnet server seems to be running on this port
ssh (22/tcp)
Info
An ssh server is running on this port
ftp (21/tcp)
Info
Remote FTP server banner :
220 FTP version 1.0 ready at Fri Dec 16 19:49:31 2005


ftp (21/tcp)
Info
Remote FTP server banner :
220 FTP version 1.0 ready at Fri Dec 16 19:49:15 2005

https (443/tcp)
Info
A TLSv1 server answered on this port

telnet (23/tcp)
Info
Remote telnet banner :
Password: