Network Vulnerability Assessment Report
17.02.2006
Sorted by host names

Session name: USR9108
Start Time: 17.02.2006 21:28:20
Finish Time: 17.02.2006 21:48:43
Elapsed: 0 day(s) 00:20:23
Total records generated: 25
High severity: 2
Medium severity: 1
Informational: 22


Summary of scanned hosts

Host         Holes   Warnings   Open ports   State
10.0.0.56    2       1          6            Finished


10.0.0.56

Service           Severity   Description
ftp (21/tcp)      Info       Port is open
ssh (22/tcp)      Info       Port is open
telnet (23/tcp)   Info       Port is open
www (80/tcp)      Info       Port is open
tftp (69/udp)     Info       Port is open
snmp (161/udp)    Info       Port is open
snmp (161/udp)
High

Synopsis :

The community name of the remote SNMP server can be guessed.

Description :

It is possible to obtain the default community names of the remote
SNMP server.

An attacker may use this information to gain more knowledge about
the remote host, or to change the configuration of the remote
system (if the default community allows such modifications).

Solution :

Disable the SNMP service on the remote host if you do not use it,
filter incoming UDP packets going to this port, or change the
default community string.

Risk factor :

High

Plugin output :

The remote SNMP server replies to the following default community
strings :

private
public

CVE : CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
Other references : IAVA:2001-B-0001
ssh (22/tcp)
High

The remote host is running Dropbear prior to version 0.43.
There is a flaw in this version of Dropbear which would
enable a remote attacker to gain control of the system
from a remote location.

Solution : Upgrade to at least version 0.43 of Dropbear.

See also : http://matt.ucc.asn.au/dropbear/CHANGES

Risk factor : High
CVE : CVE-2004-2486
BID : 10803
Other references : OSVDB:8137
telnet (23/tcp)
Medium

Synopsis :

A telnet server is listening on the remote port

Description :

The remote host is running a telnet server.
Using telnet is not recommended as logins, passwords and commands
are transferred in clear text.

An attacker may eavesdrop on a telnet session and obtain the
credentials of other users.

Solution :

Disable this service and use SSH instead

Risk factor :

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)

Plugin output:

Remote telnet banner:
U.S. Robotics ADSL Wireless Gateway

Login:
tftp (69/udp)
Info

Synopsis :

A TFTPD server is listening on the remote port.

Description :

The remote host is running a TFTPD (Trivial File Transfer Protocol).
TFTPD is often used by routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.

Solution :

If you do not use this service, you should disable it.

Risk factor :

None
CVE : CVE-1999-0616
general/udp
Info
For your information, here is the traceroute from 10.0.0.59 to 10.0.0.56 :
10.0.0.59
10.0.0.56

ssh (22/tcp)
Info
An ssh server is running on this port
snmp (161/udp)
Info

Synopsis :

The list of network interface cards of the remote host can be obtained via
SNMP.

Description :

It is possible to obtain the list of the network interfaces installed
on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

Low

Plugin output :

Interface 1 information :
ifIndex : 1
ifDescr : lo
ifPhysAddress :

Interface 2 information :
ifIndex : 2
ifDescr : atm0
ifPhysAddress : 5ec000000000

Interface 3 information :
ifIndex : 3
ifDescr : cpcs0
ifPhysAddress : 0cde00000000

Interface 4 information :
ifIndex : 4
ifDescr : dsl0
ifPhysAddress : 0cde00000000

Interface 5 information :
ifIndex : 5
ifDescr : eth0
ifPhysAddress : 0014c1048f09

Interface 6 information :
ifIndex : 6
ifDescr : wl0
ifPhysAddress : 0014c1048f08

Interface 7 information :
ifIndex : 7
ifDescr : br0
ifPhysAddress : 0014c1048f08

Interface 8 information :
ifIndex : 8
ifDescr : nas_0_33
ifPhysAddress : 0014c1048f0a


general/icmp
Info

Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time-based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0524
www (80/tcp)
Info
A web server is running on this port
ftp (21/tcp)
Info
An FTP server is running on this port.
Here is its banner :
220 Ftp firmware update utility

www (80/tcp)
Info
An HTTP proxy is running on this port
ftp (21/tcp)
Info

Synopsis :

An FTP server is listening on this port

Description :

It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.

Risk factor :

None

Plugin output :

The remote FTP banner is :
220 Ftp firmware update utility

ssh (22/tcp)
Info
Remote SSH version : SSH-2.0-dropbear_0.36


general/tcp
Info
Nessus was not able to reliably identify the remote operating system. It might be:
Infoblox DNSone
MikroTik Router
The fingerprint differs from these known signatures on 2 points.
If you know what operating system this host is running, please send this signature to
os-signatures@nessus.org :
:1:1:0:64:1:64:1:0:64:1:0:64:1:>64:64:0:1:1:2:1:1:1:1:0:64:5792:MSTNW:7:1:1
($Revision: 1.121 $)
snmp (161/udp)
Info

Synopsis :

The System Information of the remote host can be obtained via SNMP.

Description :

It is possible to obtain the system information about the remote
host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1.

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

Low

Plugin output :

System information :
sysDescr : Broadcom Bcm963xx Software Version 1001_061305-3.00L.03.
sysObjectID : 1.3.6.1.4.1.4413.2.10
sysUptime : 0d 0h 3m 47s
sysContact : unknown
sysName : USRobotics
sysLocation : unknown
sysServices : 72


www (80/tcp)
Info
The remote web server type is :

micro_httpd


telnet (23/tcp)
Info
The Telnet service is running.
This service is dangerous in the sense that it is not ciphered - that is,
everyone can sniff the data that passes between the telnet client
and the telnet server. This includes logins and passwords.


Solution:
If you are running a Unix-type system, OpenSSH can be used instead of telnet.
For Unix systems, you can comment out the 'telnet' line in /etc/inetd.conf.
For Unix systems which use xinetd, you will need to modify the telnet services
file in the /etc/xinetd.d folder. After making any changes to xinetd or
inetd configuration files, you must restart the service in order for the
changes to take effect.

In addition, many different router and switch manufacturers support SSH as a
telnet replacement. You should contact your vendor for a solution which uses
an encrypted session.


Risk factor : Low
CVE : CVE-1999-0619
telnet (23/tcp)
Info
A telnet server seems to be running on this port
general/tcp
Info
Information about this scan :

Nessus version : Unknown (NASL_LEVEL=2200)
Plugin feed version : 200602130615
Type of plugin feed : Registered (7 days delay)
Scanner IP : 10.0.0.59
Port range : 1-1024
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Max hosts : 16
Max checks : 10
Scan Start Date : 2006/2/17 21:25
Scan duration : 1209 sec