192.168.1.5
Scan time :
Start time : Thu Feb 15 06:49:46 2007
End time : Thu Feb 15 07:07:18 2007
Number of vulnerabilities :
Open ports : 106
Low : 43
Medium : 2
High : 1
Information about the remote host :
Operating system : Microsoft Windows 2003 Server
NetBIOS name : TESTING
DNS name : (unknown)
|
RTSP Server type and version |
Synopsis :
An RTSP (Real Time Streaming Protocol) server is listening on the remote port.
Description :
The remote server is an RTSP server. RTSP is a client-server multimedia presentation protocol, which is used to stream videos and audio files over an IP network.
It is usually possible to obtain the list of capabilities and the server name of the remote RTSP server by sending an OPTIONS request.
See also :
http://www.rtsp.org/
Solution :
Disable this service if you do not use it.
Risk factor :
None
Plugin output :
Server Type : WMServer/9.1.1.3814
The remote RSTP header replies the following to the OPTIONS * method :
RTSP/1.0 200 OK
Public: DESCRIBE, SETUP, PLAY, PAUSE, TEARDOWN, SET_PARAMETER, GET_PARAMETER, OPTIONS
Allow: OPTIONS, GET_PARAMETER
Supported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile
Date: Thu, 15 Feb 2007 11:55:22 GMT
CSeq: 1
Server: WMServer/9.1.1.3814
Nessus ID : 10762
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1058 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1058 IP : 192.168.1.5
Nessus ID : 10736
|
Port http-rpc-epmap (593/tcp) |
icmp timestamp request |
Synopsis :
It is possible to determine the exact time set on the remote host.
Description :
The remote host answers ICMP timestamp requests. This allows an attacker to know the date which is set on your machine.
This may help the attacker defeat your time-based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk factor :
None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
Plugin output :
This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is 5 seconds
CVE : CVE-1999-0524
Nessus ID : 10114
|
Record route |
Here is the route recorded between 192.168.1.250 and 192.168.1.5 : 192.168.1.5.
Nessus ID : 12264
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1057 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f5cc59b4-4264-101a-8c59-08002b2f8426, version 1.0 Description : File Replication Service Windows process : ntfrs.exe Annotation : NtFrs Service Type : Remote RPC service TCP Port : 1057 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : d049b186-814f-11d1-9a3c-00c04fc9b232, version 1.0 Description : File Replication Service Windows process : ntfrs.exe Annotation : NtFrs API Type : Remote RPC service TCP Port : 1057 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1.0 Description : File Replication Service Windows process : ntfrs.exe Annotation : PERFMON SERVICE Type : Remote RPC service TCP Port : 1057 IP : 192.168.1.5
Nessus ID : 10736
|
LDAP allows null bases |
Synopsis :
It is possible to disclose LDAP information.
Description :
Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This allows information to be culled without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user can query your LDAP server using a tool such as 'LdapMiner'.
Solution :
Disable NULL BASE queries on your LDAP server.
Risk factor :
Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Nessus ID : 10722
|
LDAP allows anonymous binds |
Synopsis :
It is possible to disclose LDAP information.
Description :
Improperly configured LDAP servers will allow any user to connect to the server and query for information.
Solution :
Disable NULL BIND on your LDAP server
Risk factor :
Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
CVE : CVE-1999-0385
BID : 503
Other references : OSVDB:9723
Nessus ID : 10723
|
Use LDAP search request to retrieve information from NT Directory Services |
Synopsis :
It is possible to disclose LDAP information.
Description :
The directory base of the remote server is set to NULL. This allows information to be enumerated without any prior knowledge of the directory structure.
Solution :
If pre-Windows 2000 compatibility is not required, remove pre-Windows 2000 compatibility as follows :
- start cmd.exe
- execute the command : net localgroup 'Pre-Windows 2000 Compatible Access' everyone /delete
- restart the remote host
Risk factor :
Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Plugin output :
The following information was pulled from the server via a LDAP request:
NTDS Settings,CN=TESTING,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omninerd,DC=com
Nessus ID : 12105
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1047 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0 Description : DNS Server Windows process : dns.exe Type : Remote RPC service TCP Port : 1047 IP : 192.168.1.5
Nessus ID : 10736
|
DNS Server Detection |
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
Nessus ID : 11002
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1026 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0 Description : Active Directory Replication Interface Windows process : unknown Annotation : MS NT Directory DRS Interface Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : ecec0d70-a603-11d0-96b1-00a0c91ece30, version 2.0 Description : Active Directory Backup Interface Windows process : unknown Annotation : NTDS Backup Interface Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 16e0cf3a-a604-11d0-96b1-00a0c91ece30, version 2.0 Description : Active Directory Restore Interface Windows process : unknown Annotation : NTDS Restore Interface Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Annotation : IPSec Policy agent endpoint Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.5
Nessus ID : 10736
|
Port ms-streaming (1755/tcp) |
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available locally :
Nessus ID : 10736
|
PPTP Detection |
Synopsis :
A VPN server is listening on the remote port.
Description :
The remote host is running a PPTP (Point-to-Point Tunneling Protocol) server. It allows users to set up a tunnel between their host and the network the remote host is attached to.
Make sure the use of this software is done in accordance with your corporate security policy.
Solution :
Disable this software if you do not use it
Risk factor :
None
Plugin output :
It was possible to extract the following information from the remote PPTP server :
Firmware Version : 3790
Vendor Name : Microsoft
Nessus ID : 10622
|
Port microsoft-ds (445/tcp) |
SMB Detection |
A CIFS server is running on this port
Nessus ID : 11011
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available remotely :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Annotation : IPSec Policy agent endpoint Type : Remote RPC service Named pipe : \PIPE\protected_storage Netbios name : \\TESTING
Nessus ID : 10736
|
SMB NativeLanMan |
Synopsis :
It is possible to obtain information about the remote operating system.
Description :
It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.
Risk factor :
None
Plugin output :
The remote Operating System is : Windows Server 2003 3790 Service Pack 1
The remote native lan manager is : Windows Server 2003 5.2
The remote SMB Domain Name is : OMNINERD
Nessus ID : 10785
|
SMB LanMan Pipe Server browse listing |
Synopsis :
It is possible to obtain network information.
Description :
It was possible to obtain the browse list of the remote Windows system by sending a request to the LANMAN pipe. The browse list is the list of the Windows systems nearest to the remote host.
Risk factor :
None
Plugin output :
Here is the browse list of the remote host :
TESTING ( os: 5.2 )
Other references : OSVDB:300
Nessus ID : 10397
|
SMB accessible registry |
Synopsis :
Access the remote Windows Registry.
Description :
It was not possible to connect to PIPE\winreg on the remote host. If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied credentials.
Risk factor :
None
Nessus ID : 10400
|
Vulnerability in Server Service Could Allow Remote Code Execution (917159) - Network check |
Synopsis :
Arbitrary code can be executed on the remote host due to a flaw in the 'server' service.
Description :
The remote host is vulnerable to heap overflow in the 'Server' service which may allow an attacker to execute arbitrary code on the remote host with the 'System' privileges.
In addition to this, the remote host is also vulnerable to an information disclosure vulnerability in SMB which may allow an attacker to obtain portions of the memory of the remote host.
Solution :
Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
Risk factor :
High / CVSS Base Score : 7.0 (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
CVE : CVE-2006-1314, CVE-2006-1315
BID : 18891, 18863
Nessus ID : 22034
|
Services |
An SMTP server is running on this port.
Here is its banner : 220 testing.omninerd.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 15 Feb 2007 06:49:45 -0500
Nessus ID : 10330
|
smtpscan |
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 6.0.3718.0 (Exchange 2003)
Nessus ID : 11421
|
SMTP Server Detection |
Synopsis :
An SMTP server is listening on the remote port.
Description :
The remote host is running a mail (SMTP) server on this port.
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution :
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk factor :
None
Plugin output :
Remote SMTP server banner : 220 testing.omninerd.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 15 Feb 2007 06:49:45 -0500
Nessus ID : 10263
|
SMTP antivirus scanner DoS |
For some reason, we could not send the 42.zip file to this MTA
BID : 3027
Nessus ID : 11036
|
Detect CIS ports |
A CIS (COM+ Internet Services) server is listening on this port
Server banner : ncacn_http/1.0
Nessus ID : 10761
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1064 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1.0 Description : Wins Service Windows process : wins.exe Type : Remote RPC service TCP Port : 1064 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1.0 Description : Wins Service Windows process : wins.exe Type : Remote RPC service TCP Port : 1064 IP : 192.168.1.5
Nessus ID : 10736
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1052 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0 Description : Internet Information Service (IISAdmin) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1052 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0 Description : Internet Information Service (SMTP) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1052 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1052 IP : 192.168.1.5
Nessus ID : 10736
|
Port netbios-ssn (139/tcp) |
SMB Detection |
An SMB server is running on this port
Nessus ID : 11011
|
Services |
A web server is running on this port
Nessus ID : 10330
|
HMAP |
This web server was fingerprinted as Microsoft-IIS/6.0 [on Windows 2003 SP1] which is consistent with the displayed banner: Microsoft-IIS/6.0
Nessus ID : 11919
|
HTTP Server type and version |
The remote web server type is :
Microsoft-IIS/6.0
Nessus ID : 10107
|
Find if IIS server allows BASIC and/or NTLM authentication |
The remote host appears to be running a version of IIS which allows remote users to determine which authentication schemes are required for confidential webpages.
Specifically, the following methods are enabled on the remote webserver:
- IIS NTLM authentication is enabled
Solution : None at this time
Risk factor : Low
CVE : CVE-2002-0419
BID : 4235
Nessus ID : 11871
|
IIS Service Pack - 404 |
Synopsis :
The remote web server is running Microsoft IIS.
Description :
The Patch level (Service Pack) of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk.
Note that this test makes assumptions about the remote patch level based on static return values (Content-Length) within an IIS server's 404 error message. As such, the test cannot be totally reliable and should be manually confirmed.
Solution:
Ensure that the server is running the latest stable Service Pack.
Risk factor :
None
Plugin output :
The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790
Nessus ID : 11874
|
Port ms-wbt-server (3389/tcp) |
Windows Terminal Service Enabled |
Synopsis :
The Terminal Services are enabled on the remote host.
Description :
Terminal Services allow a Windows user to remotely obtain a graphical login (and therefore act as a local user on the remote host).
If an attacker gains a valid login and password, he may be able to use this service to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution :
Disable the Terminal Services if you do not use them, and do not allow this service to run across the internet
Risk factor :
None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
BID : 3099, 7258
Nessus ID : 10940
|
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability |
Synopsis :
It may be possible to get access to the remote host.
Description :
The remote version of Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man in the middle attack.
An attacker may exploit this flaw to decrypt communications between client and server and obtain sensitive information (passwords, ...).
Solution :
Force the use of SSL as a transport layer for this service.
See also :
http://www.oxid.it/downloads/rdp-gbu.pdf
http://www.nessus.org/u?c544b1fa
Risk factor :
Medium / CVSS Base Score : 6 (AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
CVE : CVE-2005-1794
BID : 13818
Other references : OSVDB:17131
Nessus ID : 18405
|
Traceroute |
For your information, here is the traceroute from 192.168.1.250 to 192.168.1.5 :
192.168.1.250
192.168.1.5
Nessus ID : 10287
|
Port netbios-ns (137/tcp) |
Using NetBIOS to retrieve information from a Windows host |
Synopsis :
It is possible to obtain the network name of the remote host.
Description :
The remote host listens on udp port 137 and replies to NetBIOS nbtscan requests. By sending a wildcard request it is possible to obtain the name of the remote system and the name of its domain.
Risk factor :
None
Plugin output :
The following 8 NetBIOS names have been gathered :
TESTING = Computer name
TESTING = File Server Service
OMNINERD = Workgroup / Domain name
OMNINERD = Domain Controllers
OMNINERD = Browser Service Elections
OMNINERD = Master Browser
__MSBROWSE__ = Master Browser
OMNINERD = Domain Master Browser
The remote host has the following MAC address on its adapter : 08:00:46:1c:f9:fc
CVE : CVE-1999-0621
Other references : OSVDB:13577
Nessus ID : 10150
|
OS Identification |
The remote host is running Microsoft Windows 2003 Server
Nessus ID : 11936
|
Information about the scan |
Information about this scan :
Nessus version : 3.0.4
Plugin feed version : 200701101815
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.1.250
Port scanner(s) : nessus_tcp_scanner synscan
Port range : default
Thorough tests : yes
Experimental tests : no
Paranoia level : 0
Report Verbosity : 2
Safe checks : no
Max hosts : 40
Max checks : 5
Scan Start Date : 2007/2/15 6:49
Scan duration : 1047 sec
Nessus ID : 19506
|
NTP read variables |
An NTP (Network Time Protocol) server is listening on this port.
Risk factor : Low
Nessus ID : 10884
|
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1054 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0 Description : Internet Information Service (SMTP) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1054 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1054 IP : 192.168.1.5
Nessus ID : 10736
|
Port syscomlan (1065/tcp) |
DCE Services Enumeration |
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the port 135 it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 1065 :
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0 Description : DHCP Server Service Windows process : unknown Type : Remote RPC service TCP Port : 1065 IP : 192.168.1.5
Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0 Description : DHCP Server Service Windows process : unknown Type : Remote RPC service TCP Port : 1065 IP : 192.168.1.5
Nessus ID : 10736
|
DNS Cache Snooping |
Synopsis :
Remote DNS server is vulnerable to Cache Snooping attacks.
Description :
The remote DNS server answers to queries for third party domains which do not have the recursion bit set.
This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.
For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of aforementioned financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more...
For a much more detailed discussion of the potential risks of allowing DNS cache information to be queried anonymously, please see: http://community.sidestep.pt/~luis/DNS-Cache-Snooping/DNS_Cache_Snooping_1.1.pdf
Risk factor :
Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Nessus ID : 12217
|
DNS Server Detection |
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
Nessus ID : 11002
|
Usable remote name server |
Synopsis :
The remote name server allows recursive queries to be performed by the host running nessusd.
Description :
It is possible to query the remote name server for third party names.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third-party names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See also :
http://www.cert.org/advisories/CA-1997-22.html
Solution :
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command
Then, within the options block, you can explicitly state: 'allow-recursion { hosts_defined_in_acl }'
For more info on Bind 9 administration (to include recursion), see: http://www.nominum.com/content/documents/bind9arm.pdf
If you are using another name server, consult its documentation.
Risk factor :
Medium / CVSS Base Score : 4 (AV:R/AC:L/Au:NR/C:N/A:N/I:P/B:I)
CVE : CVE-1999-0024
BID : 136, 678
Nessus ID : 10539
|
DNS Server Fingerprint |
It was not possible to fingerprint the remote DNS server.
If you know the type and version of the remote DNS server, please send the following signature to dns-signatures@nessus.org : t:t:t:t:t:t:t:t:2:2:t:2:2:2:2:2:t:t:4:2:2:t:t:
Nessus ID : 11951
|
Port msft-gc-ssl (3269/tcp) |
|