| Network Vulnerability Assessment Report |
| |
| Sorted by host names |
| |||||||||
|
| Host | Holes | Warnings | Open ports | State |
| 10.10.0.1 | 0 | 6 | 1 | Finished |
| Service | Severity | Description |
| http (80/tcp) | Port is open | |
| http (80/tcp) | The remote web server type is : httpd Solution : We recommend that you configure (if possible) your web server to return a bogus Server header in order to not leak information. | |
| general/tcp | Remote OS guess : FreeSCO 0.27 (Linux 2.0.38 kernel) CVE : CAN-1999-0454 | |
| general/tcp | The remote host does not discard TCP SYN packets which have the FIN flag set. Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules. See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html http://www.kb.cert.org/vuls/id/464113 Solution : Contact your vendor for a patch Risk factor : Medium BID : 7487 | |
| general/udp | For your information, here is the traceroute to 10.10.0.1 : 10.10.0.1 | |
| general/icmp | The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols. Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). Risk factor : Low CVE : CAN-1999-0524 | |
| http (80/tcp) | A web server is running on this port |