Security Issues and Fixes: 192.168.1.7
Type |
Port |
Issue and Fix |
Warning |
general/tcp |
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
Nessus ID : 11618 |
Warning |
general/tcp |
The remote host might be vulnerable to a sequence number approximation
bug, which may allow an attacker to send spoofed RST packets to the remote
host and close established connections.
This may cause problems for some dedicated services (BGP, a VPN over
TCP, etc...).
Solution : See http://www.securityfocus.com/bid/10183/solution/
Risk factor : Medium
CVE : CAN-2004-0230
BID : 10183
Other references : OSVDB:4030, IAVA:2004-A-0007
Nessus ID : 12213 |
Warning |
general/tcp |
The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.
Solution : drop source routed packets on this host or on other ingress
routers or firewalls.
Risk factor : Low
Nessus ID : 11834 |
Informational |
general/tcp |
The remote host is up
Nessus ID : 10180 |
Informational |
general/tcp |
TCP inject NIDS evasion function is enabled. Some tests might
run slowly and you may get some false negative results.
Nessus ID : 10889 |
Informational |
general/tcp |
The remote host is running Microsoft Windows 2000 Professional
Nessus ID : 11936 |
Informational |
ftp (21/tcp) |
An unknown service is running on this port.
It is usually reserved for FTP
Nessus ID : 10330 |
Informational |
ftp (21/tcp) |
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
Back Construction
Blade Runner
Cattivik FTP Server
CC Invader
Dark FTP
Doly Trojan
Fore
FreddyK
Invisible FTP
Juggernaut 42
Larva
MotIv FTP
Net Administrator
Ramen
RTB 666
Senna Spy FTP server
The Flu
Traitor 21
WebEx
WinCrash
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157 |
Warning |
epmap (135/tcp) |
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
Nessus ID : 10736 |
Vulnerability |
general/icmp |
The remote host is vulnerable to an 'Etherleak' -
the remote ethernet driver seems to leak bits of the
content of the memory of the remote operating system.
Note that an attacker may take advantage of this flaw
only when its target is on the same physical subnet.
See also : http://www.atstake.com/research/advisories/2003/a010603-1.txt
Solution : Contact your vendor for a fix
Risk factor : Serious
CVE : CAN-2003-0001
BID : 6535
Nessus ID : 11197 |
Warning |
netbios-ns (137/udp) |
The remote host is running a version of the NetBT name
service which suffers from a memory disclosure problem.
An attacker may send a special packet to the remote NetBT name
service, and the reply will contain random arbitrary data from
the remote host memory. This arbitrary data may be a fragment from
the web page the remote user is viewing, or something more serious
like a POP password or anything else.
An attacker may use this flaw to continuously 'poll' the content
of the memory of the remote host and might be able to obtain sensitive
information.
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-034.mspx
Risk Factor : Medium
CVE : CAN-2003-0661
BID : 8532
Nessus ID : 11830 |
Warning |
netbios-ns (137/udp) |
The following 3 NetBIOS names have been gathered :
W2K_DEFAULT
WORKGROUP = Workgroup / Domain name
W2K_DEFAULT = This is the computer name
The remote host has the following MAC address on its adapter :
00:0c:29:86:f7:35
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
Nessus ID : 10150 |
Informational |
general/udp |
For your information, here is the traceroute to 192.168.1.7 :
192.168.1.3
192.168.1.7
Nessus ID : 10287 |
Informational |
cap (1026/tcp) |
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.7[1026]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.7[1026]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.7[1026]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.7[1026]
Solution : filter incoming traffic to this port.
Risk Factor : Low
Nessus ID : 10736 |