Security Issues and Fixes: 10.0.1.1
Type | Port | Issue and Fix |
Vulnerability |
general/tcp |
It was possible to crash the remote
machine by flooding it with 10 KB ping packets.
A cracker may use this attack to make this
host crash continuously, preventing you
from working properly.
Solution : upgrade your BlackIce software or remove it.
Risk factor : High
CVE : CVE-2002-0237
BID : 4025
Nessus ID : 10927 |
Warning |
general/tcp |
The remote host might be vulnerable to a sequence number approximation
bug, which may allow an attacker to send spoofed RST packets to the remote
host and close established connections.
This may cause problems for some dedicated services (BGP, a VPN over
TCP, etc.).
Solution : See http://www.securityfocus.com/bid/10183/solution/
Risk factor : Medium
CVE : CAN-2004-0230
BID : 10183
Other references : OSVDB:4030, IAVA:2004-A-0007
Nessus ID : 12213 |
Warning |
general/tcp |
The remote host is a Wireless Access Point (Apple Airport Extreme Base Station (WAP)).
You should ensure that the proper physical and logical
controls exist around the AP. A misconfigured access point may allow an
attacker to gain access to an internal network without being physically
present on the premises. If the access point is using an 'off-the-shelf'
configuration (such as 40 or 104 bit WEP encryption), the data being
passed through the access point may be vulnerable to hijacking
or sniffing.
Risk factor : Low
Nessus ID : 11026 |
Informational |
general/tcp |
The remote host is up
Nessus ID : 10180 |
Informational |
general/tcp |
Nmap found that this host is running Apple Airport Extreme Base Station (WAP)
Nessus ID : 10336 |
Informational |
general/tcp |
HTTP NIDS evasion functions are enabled.
You may get some false negative results
Nessus ID : 10890 |
Informational |
general/tcp |
Nessus was not able to reliably identify the remote operating system. It might be:
FreeBSD 4.9
VxWorks 5.4
FreeBSD 4.4
AsyncOS
FreeBSD 4.7
FreeBSD 4.8
The fingerprint differs from these known signatures on 2 points.
If you know what operating system this host is running, please send this signature to
os-signatures@nessus.org :
:1:1:1:64:1:64:1:0:64:1:0:64:1:8:64:1:1:0:0:1:1:1:1:1:64:16384:MNWNNT:0:1:1
Nessus ID : 11936 |
Warning |
domain (53/tcp) |
The remote name server allows recursive queries to be performed
by the host running nessusd.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third-party names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.
See also : http://www.cert.org/advisories/CA-1997-22.html
Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf
If you are using another name server, consult its documentation.
Risk factor : High
CVE : CVE-1999-0024
BID : 136, 678
Nessus ID : 10539 |
Informational |
domain (53/tcp) |
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
Nessus ID : 11002 |
Informational |
snet-sensor-mgmt (10000/tcp) |
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
OpwinTRojan
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157 |
Warning |
unknown (5009/tcp) |
The remote host is an Apple Airport Wireless Access Point which
can be administered on top of TCP port 5009.
There is a design flaw in the administrative protocol which makes
the clients which connect to this port send the password
in plain text (although slightly obfuscated).
An attacker who has the ability to sniff the data going to this
device may use this flaw to gain its administrative password and
gain its control. Since the airport base station does not keep any
log, it will be difficult to determine that administrative access
has been stolen.
Solution : Block incoming traffic to this port, and only administer
this base station when connected to it using a cross-over ethernet
cable.
Risk factor : Medium
CVE : CAN-2003-0270
BID : 7554
Nessus ID : 11620 |
Warning |
general/icmp |
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time-based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
Nessus ID : 10114 |
Informational |
general/udp |
For your information, here is the traceroute to 10.0.1.1 :
10.0.1.2
10.0.1.1
Nessus ID : 10287 |
Informational |
bootps (67/udp) |
Here is the information we could gather from the remote DHCP
server. This allows an attacker on your local network to gain
information about it easily :
Master DHCP server of this network : 0.0.0.0
IP address the DHCP server would attribute us : 10.0.1.3
DHCP server(s) identifier = 10.0.1.1
netmask = 255.255.255.0
router = 10.0.1.1
domain name server(s) = 10.0.1.1
broadcast address = 255.255.255.255
Solution : remove the options that are not in use in your DHCP server
Risk factor : Low
Nessus ID : 10663 |
Vulnerability |
isakmp (500/udp) |
The remote IPSEC server seems to have a problem negotiating
bogus IKE requests.
An attacker may use this flaw to disable your VPN remotely
Solution: Contact your vendor for a patch
Reference : See RFC 2409
Risk factor : High
Nessus ID : 10941 |