| Port No | Protocol | Service | Details |
|---|---|---|---|
| 53 | tcp | domain | None |
| 53 | udp | domain | version.bind TXT "8.2.2-P6" |
| 161 | udp | snmp | uptime 347844596 centiseconds |
| 0 | icmp | echo reply | Response Received |
| 14 | icmp | timestamp reply | Timestamp is 15:47:32 |

Warning: You have high-risk (red) ports exposed to the internet. These may not represent a direct vulnerability but it is not common practice to expose these services. Consider restricting access to these ports. This will help to protect you against potential future vulnerabilities.

| Port No | Protocol | Service | Details |
|---|---|---|---|
| 23 | tcp | telnet | Response Received |

| Vulnerability | 10264 | SNMP Default Community Names | High Risk | |
|---|---|---|---|---|
| Description | The SNMP agent on the remote host uses one or more default or easily guessable community strings. This enables an attacker to extract a lot of useful information, and possibly make configuration changes to the server. A sample of the information that can be extracted:<br>`host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1 = "System Idle Process"`<br>`host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.8 = "System"`<br>`host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.168 = "SMSS.EXE"`<br>`host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.192 = "CSRSS.EXE"`<br>`host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.212 = "WINLOGON.EXE"`<br>`host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.240 = "SERVICES.EXE"` |
| Solution | Change the community strings to something unguessable |
| References | CAN-1999-0186 CAN-1999-0254 CAN-1999-0516 CAN-1999-0517 |
| First Found | 13 February 2003 | Port | 161/udp | Last 6 Months |

| Vulnerability | 10605 | BIND < 8.2.3 TSIG Overflow | High Risk | |
|---|---|---|---|---|
| Description | According to its version number, the remote BIND server contains a vulnerability in its transaction signature (TSIG) code. A remote attacker with no authentication can use this to crash the server, and execute arbitrary code with the same permissions as the name service. |
| Solution | Upgrade to an unaffected version, or apply a patch. |
| References | CVE-2001-0010 CVE-2001-0011 CVE-2001-0012 CVE-2001-0013 |
| First Found | 13 March 2003 | Port | 53/udp | Last 6 Months |

| Vulnerability | 10595 | DNS Zone Transfer | Medium Risk | |
|---|---|---|---|---|
| Description | The remote name server allows DNS zone transfers to be performed. This information can be of great use to an attacker trying to learn the topology of your network. This configuration may be intentional, but it's usual practice to restrict zone transfers. Here is a sample of the data that can be extracted:<br>`mailer2.example.com. 10800 IN A 192.168.0.110`<br>`mailer3.example.com. 10800 IN A 192.168.0.111`<br>`mailer4.example.com. 10800 IN A 192.168.0.113`<br>`ntp0.example.com. 10800 IN A 192.168.0.114` |
| Solution | Restrict zone transfers to trusted addresses, usually just your slave name servers |
| References | CAN-1999-0532 |
| First Found | 13 March 2003 | Port | 53/tcp | Last 6 Months |

| Vulnerability | 10028 | BIND Version Information Leakage | Low Risk | |
|---|---|---|---|---|
| Description | It is possible to determine the remote name server's type and version by issuing this query: `dig version.bind. txt chaos @server`. An attacker can use this information to focus their attack strategy. |
| Solution | Use the "version" configuration directive to change this to "unknown" |
| First Found | 13 March 2003 | Port | 53/udp | Last 6 Months |

| Vulnerability | 10114 | Host Responded to ICMP Timestamp Request | Low Risk | |
|---|---|---|---|---|
| Description | The target host responded to an ICMP timestamp request. This allows an attacker to determine the exact time and date set on your server. This information could be used in attacks against time-based authentication protocols. |
| Solution | Either disable timestamp replies, or filter them at your firewall. |
| References | CAN-1999-0524 |
| First Found | 13 April 2003 | Port | general/icmp | Last 6 Months |

| Vulnerability | 90001 | Holes Detected in Firewall Configuration | Low Risk | |
|---|---|---|---|---|
| Description | This host is protected by a firewall. Incoming TCP connections to most ports are blocked, however some ports were discovered where the firewall allows connections, but no service is running. This often indicates a firewall configuration error. The affected ports are: 443, 10000 |
| Solution | Reconfigure your firewall to block all ports that you are not running services on. |
| References | Firewalls FAQ |
| First Found | 13 March 2003 | Port | general/tcp | Last 6 Months |

| Stopped | By: manager@yourcompany.com From: 12 March 2003 To: 12 March 2006 |
|---|---|
| Reason | None specified |