Network Vulnerability Assessment Report
23.03.2004
Sorted by host names

Session name: Gigabyte gn-br404w
Start Time: 23.03.2004 15:50:43
Finish Time: 23.03.2004 15:53:12
Elapsed: 0 day(s) 00:02:28
Total records generated: 12
high severity: 1
low severity: 9
informational: 2


Summary of scanned hosts

Host        Holes   Warnings   Open ports   State
20.0.0.1    1       9          2            Finished


20.0.0.1

Service / Severity / Description
domain (53/udp)
Info
Port is open
www (80/tcp)
Info
Port is open
general/icmp
High

The remote host is vulnerable to an 'Etherleak' -
the remote ethernet driver seems to leak bits of the
content of the memory of the remote operating system.

Note that an attacker may take advantage of this flaw
only when its target is on the same physical subnet.

See also : http://www.atstake.com/research/advisories/2003/a010603-1.txt
Solution : Contact your vendor for a fix
Risk factor : Serious
CVE : CAN-2003-0001
BID : 6535
domain (53/udp)
Low

A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
domain (53/udp)
Low

The remote name server allows recursive queries to be performed
by the host running nessusd.

If this is your internal nameserver, then forget this warning.

If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.

If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.

See also : http://www.cert.org/advisories/CA-1997-22.html

Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf

If you are using another name server, consult its documentation.

Risk factor : Serious
CVE : CVE-1999-0024
BID : 678
general/udp
Low
For your information, here is the traceroute to 20.0.0.1 :
20.0.0.254
20.0.0.1

general/tcp
Low

The remote host does not discard TCP SYN packets which
have the FIN flag set.

Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.

See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113

Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
general/icmp
Low

The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor : Low
CVE : CAN-1999-0524
www (80/tcp)
Low
A web server is running on this port
www (80/tcp)
Low
The following directories were discovered:
/cgi-bin, /htdocs

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

www (80/tcp)
Low
Although it tries to hide its version,
this web server was fingerprinted as: mini_httpd/1.17beta1 or 1.18
domain (53/udp)
Low
It was not possible to fingerprint the remote DNS server.

If you know the type and version of the remote DNS server, please send
the following signature to dns-signatures@nessus.org :
0:0:0:0Q2:0:0:t:0:0:0:0:0:0:0Z0:0Z1:0Z2:0:0:0:0:0:0:0: