Network Vulnerability Assessment Report
07.09.2005
Sorted by host names

Session name: level1-adslStart Time:07.09.2005 12:57:09
Finish Time:07.09.2005 13:07:36
Elapsed:0 day(s) 00:10:27
Total records generated:9
high severity:3
Medium severity:1
informational:5


10.0.0.26

ServiceSeverityDescription
snmp (161/udp)
Info
Port is open
www (80/tcp)
Info
Port is open
snmp (161/udp)
High

SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
Other references : IAVA:2001-B-0001
general/tcp
High

The remote host seems to generate Initial Sequence Numbers (ISN) in a weak
manner which seems to solely depend on the source and dest port of the TCP
packets.

An attacker may exploit this flaw to establish spoofed connections to the
remote host.

The Raptor Firewall and Novell Netware are known to be vulnerable to this
flaw, although other network devices may be vulnerable as well.


Solution :

If you are using a Raptor Firewall, see
http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html

Otherwise, contact your vendor for a patch.

Reference : http://online.securityfocus.com/archive/1/285729

Risk factor : High
CVE : CAN-2002-1463
BID : 5387, 8652
general/tcp
High

The remote host has predictable TCP sequence numbers.

An attacker may use this flaw to establish spoofed TCP
connections to this host.

Solution : Contact your vendor for a patch
Risk factor : High
CVE : CVE-1999-0077
BID : 107, 10881, 670
general/tcp
Medium
The remote host is a Wireless Access Point (Internet Gateway Device).

You should ensure that the proper physical and logical
controls exist around the AP. A misconfigured access point may allow an
attacker to gain access to an internal network without being physically
present on the premises. If the access point is using an 'off-the-shelf'
configuration (such as 40 or 104 bit WEP encryption), the data being
passed through the access point may be vulnerable to hijacking
or sniffing.

Risk factor : Low
general/udp
Info
For your information, here is the traceroute to 10.0.0.26 :
10.0.0.59
10.0.0.26

www (80/tcp)
Info
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/cgi-bin/logi (rc [@] PS [] rd [banner] )

www (80/tcp)
Info
A web server is running on this port