Result of a nessus/nmap scan <style type="text/css"> <!-- BODY { BACKGROUND-COLOR: #ffffff } A { TEXT-DECORATION: none } A:visited { COLOR: #0000cf; TEXT-DECORATION: none } A:link { COLOR: #0000cf; TEXT-DECORATION: none } A:active { COLOR: #0000cf; TEXT-DECORATION: underline } A:hover { COLOR: #0000cf; TEXT-DECORATION: underline } OL { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif } UL { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif } P { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif } BODY { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif } TD { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif } TR { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif } TH { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif } FONT.title { BACKGROUND-COLOR: white; COLOR: #363636; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt; FONT-WEIGHT: bold } FONT.sub { BACKGROUND-COLOR: white; COLOR: #000000; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt } FONT.layer { COLOR: #ff0000; FONT-FAMILY: courrier,sans-serif,arial,helvetica; FONT-SIZE: 8pt; TEXT-ALIGN: left } TD.title { BACKGROUND-COLOR: #A2B5CD; COLOR: #555555; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt; FONT-WEIGHT: bold; HEIGHT: 20px; TEXT-ALIGN: right } TD.sub { BACKGROUND-COLOR: #DCDCDC; COLOR: #555555; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt; FONT-WEIGHT: bold; HEIGHT: 18px; TEXT-ALIGN: left } TD.content { BACKGROUND-COLOR: white; COLOR: #000000; FONT-FAMILY: tahoma,arial,helvetica,verdana,lucida console,utopia; FONT-SIZE: 8pt; TEXT-ALIGN: left; VERTICAL-ALIGN: middle } TD.default { BACKGROUND-COLOR: WHITE; COLOR: #000000; FONT-FAMILY: tahoma,arial,helvetica,verdana,lucida console,utopia; FONT-SIZE: 8pt; } TD.border { BACKGROUND-COLOR: #ccccA?; COLOR: black; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 
10pt; HEIGHT: 25px } TD.border-HILIGHT { BACKGROUND-COLOR: #ffffcc; COLOR: black; FONT-FAMILY: verdana,arial,helvetica,lucida console,utopia; FONT-SIZE: 10pt; HEIGHT: 25px } --> </style> <table bgcolor="#a1a1a1" border=0 cellpadding=0 cellspacing=0 width="95%"> <tbody> <tr> <td> <table border=0 cellpadding=2 cellspacing=1 width="100%"> <tbody> <tr> <td class=title>Nessus Scan Report</td> </tr> <tr> <td class=content>This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats. </td> </tr> </tbody> </table></td> </tr> </tbody> </table> <br> <table bgcolor="#a1a1a1" border=0 cellpadding=0 cellspacing=0 width="60%"> <tbody> <tr> <td> <table border=0 cellpadding=2 cellspacing=1 width="100%"> <tbody> <tr> <td class=title colspan=2>Scan Details</td> </tr> <tr> <td class=default width="60%">Hosts which where alive and responding during test</td> <td class=default width="30%">1</td> </tr> <tr> <td class=default width="60%">Number of security holes found</td> <td class=default width="30%">3</td> </tr> <tr> <td class=default width="60%">Number of security warnings found</td> <td class=default width="30%">23</td> </tr> </tbody> </table></td> </tr> </tbody> </table> <br> <br> <a name="toc"></a> <table bgcolor="#a1a1a1" border=0 cellpadding=0 cellspacing=0 width="60%"> <tbody> <tr> <td> <table border=0 cellpadding=2 cellspacing=1 width="100%"> <tbody> <tr> <td class=title colspan=2>Host List</td> </tr> <tr> <td class=sub width="60%">Host(s)</td> <td class=sub width="40%">Possible Issue</td> </tr> <tr> <td class=default width="60%"><a href="#www_hote_com">www.hote.com</a></td> <td class=default width="40%"><font color=red>Security hole(s) found</font></td> </tr> </tbody> </table></td> </tr> </tbody> </table> <a name="www_hote_com"></a> <a name="www_hote_com_toc"></a> <div align="left"><font size=-2><a href="#toc">[ return to top ]</a></font></div> <br> <br> <table bgcolor="#a1a1a1" 
border=0 cellpadding=0 cellspacing=0 width="60%"> <tbody> <tr> <td> <table cellpadding=2 cellspacing=1 border=0 width="100%"> <tbody> <tr> <td class=title colspan=3>Analysis of Host</td> </tr> <tr> <td class=sub width="20%">Address of Host</td> <td class=sub width="30%">Port/Service</td> <td class=sub width="30%">Issue regarding Port</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_7_tcp">echo (7/tcp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">discard (9/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_13_tcp">daytime (13/tcp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_17_tcp">qotd (17/tcp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_19_tcp">chargen (19/tcp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_21_tcp">ftp (21/tcp)</a></td> <td class=default width="30%"><font color=red>Security hole found</font></td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">nameserver (42/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_80_tcp">http (80/tcp)</a></td> <td class=default width="30%"><font color=red>Security hole found</font></td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td 
class=default width="30%">kerberos (88/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">unknown (135/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_139_tcp">netbios-ssn (139/tcp)</a></td> <td class=default width="30%"><font color=red>Security hole found</font></td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">ldap (389/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">microsoft-ds (445/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">kpasswd (464/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_593_tcp">unknown (593/tcp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">ldaps (636/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">unknown (1026/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_1029_tcp">unknown (1029/tcp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_1080_tcp">socks (1080/tcp)</a></td> <td class=default width="30%">Security notes found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td 
class=default width="30%">unknown (3268/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_3269_tcp">unknown (3269/tcp)</a></td> <td class=default width="30%">Security notes found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%">unknown (3372/tcp)</td> <td class=default width="30%">No Information</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_3389_tcp">unknown (3389/tcp)</a></td> <td class=default width="30%">Security notes found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_general_tcp">general/tcp</a></td> <td class=default width="30%">Security notes found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_137_udp">netbios-ns (137/udp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_19_udp">chargen (19/udp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_13_udp">daytime (13/udp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_7_udp">echo (7/udp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_17_udp">qotd (17/udp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default 
width="30%"><a href="#www_hote_com_general_udp">general/udp</a></td> <td class=default width="30%">Security notes found</td> </tr> <tr> <td class=default width="20%">www.hote.com</td> <td class=default width="30%"><a href="#www_hote_com_123_udp">ntp (123/udp)</a></td> <td class=default width="30%">Security warning(s) found</td> </tr> </tbody> </table></td> </tr> </tbody> </table> <br> <br> <table bgcolor="#a1a1a1" cellpadding=0 cellspacing=0 border=0 width="75%"> <tbody> <tr> <td> <table cellpadding=2 cellspacing=1 border=0 width="100%"> <td class=title colspan=3>Security Issues and Fixes: www.hote.com</td> </tr> <tr> <td class=sub width="10%">Type</td> <td class=sub width="10%">Port</td> <td class=sub width="80%">Issue and Fix</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_7_tcp"></a>echo (7/tcp)</td> <td class=default width="80%">The 'echo' port is open. This port is<br> not of any use nowadays, and may be a source of problems, <br> since it can be used along with other ports to perform a denial<br> of service. You should really disable this service.<br> <br> Risk factor : Low<br> <br> Solution : comment out 'echo' in /etc/inetd.conf<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_7_tcp"></a>echo (7/tcp)</td> <td class=default width="80%">An echo server is running on this port</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_13_tcp"></a>daytime (13/tcp)</td> <td class=default width="80%">The daytime service is running.<br> The date format issued by this service<br> may sometimes help an attacker to guess<br> the operating system type. 
<br> <br> In addition to that, when the UDP version of<br> daytime is running, an attacker may link it <br> to the echo port using spoofing, thus creating<br> a possible denial of service.<br> <br> Solution : disable this service in /etc/inetd.conf.<br> <br> Risk factor : Low<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_17_tcp"></a>qotd (17/tcp)</td> <td class=default width="80%">The quote service (qotd) is running.<br> <br> A server listens for TCP connections on TCP port 17. Once a connection <br> is established a short message is sent out the connection (and any <br> data received is thrown away). The service closes the connection <br> after sending the quote.<br> <br> Another quote of the day service is defined as a datagram based<br> application on UDP. A server listens for UDP datagrams on UDP port 17.<br> When a datagram is received, an answering datagram is sent containing <br> a quote (the data in the received datagram is ignored).<br> <br> <br> An easy attack is 'pingpong' which IP spoofs a packet between two machines<br> running qotd. They will commence spewing characters at each other, slowing<br> the machines down and saturating the network.<br> <br> <br> <br> Solution : disable this service in /etc/inetd.conf.<br> <br> Risk factor : Low<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_19_tcp"></a>chargen (19/tcp)</td> <td class=default width="80%">The chargen service is running.<br> The 'chargen' service should only be enabled when testing the machine. <br> <br> When contacted, chargen responds with some random (something like all <br> the characters in the alphabet in row). 
When contacted via UDP, it <br> will respond with a single UDP packet. When contacted via TCP, it will <br> continue spewing characters until the client closes the connection. <br> <br> An easy attack is 'pingpong' which IP spoofs a packet between two machines<br> running chargen. They will commence spewing characters at each other, slowing<br> the machines down and saturating the network. <br> <br> Solution : disable this service in /etc/inetd.conf.<br> <br> Risk factor : Low<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_19_tcp"></a>chargen (19/tcp)</td> <td class=default width="80%">Chargen is running on this port</td> </tr> <tr> <td valign=top class=default width="10%"><font color=red>Vulnerability</font></td> <td valign=top class=default width="10%"><a name="www_hote_com_21_tcp"></a>ftp (21/tcp)</td> <td class=default width="80%">It may be possible to make the remote FTP server crash<br> by sending the command 'STAT *?AAA...AAA.<br> <br> An attacker may use this flaw to prevent your site from distributing files<br> <br> *** Warning : we could not verify this vulnerability.<br> *** Nessus solely relied on the banner of this server<br> <br> Solution : Apply the relevant hotfix from Microsoft<br> <br> See:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp<br> <br> Risk factor : High<br> <a href="http://cgi.nessus.org/cve.php3?cve=CAN-2002-0073">CVE : CAN-2002-0073</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_21_tcp"></a>ftp (21/tcp)</td> <td class=default width="80%">An FTP server is running on this port.<br> Here is its banner : <br> 220 srvhote Microsoft FTP Service (Version 5.0). 
</td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_21_tcp"></a>ftp (21/tcp)</td> <td class=default width="80%">Remote FTP server banner :<br> 220 srvhote Microsoft FTP Service (Version 5.0). </td> </tr> <tr> <td valign=top class=default width="10%"><font color=red>Vulnerability</font></td> <td valign=top class=default width="10%"><a name="www_hote_com_80_tcp"></a>http (80/tcp)</td> <td class=default width="80%"><br> The IIS server appears to have the .SHTML ISAPI filter mapped.<br> <br> At least one remote vulnerability has been discovered for the<br> .SHTML filter. This is detailed in Microsoft Advisory MS02-018<br> and results in a denial of service access to the web server. <br> <br> It is recommended that even if you have patched this vulnerability that<br> you unmap the .SHTML extension, and any other unused ISAPI extensions<br> if they are not required for the operation of your site.<br> <br> An attacker may use this flaw to prevent the remote service<br> from working properly.<br> <br> *** Nessus reports this vulnerability using only<br> *** information that was gatherered. Use caution<br> *** when testing without safe checks enabled<br> <br> Solution: See <br> http://www.microsoft.com/technet/security/bulletin/ms02-018.asp<br> and/or unmap the shtml/shtm isapi filters.<br> <br> To unmap the .shtml extension:<br> 1.Open Internet Services Manager. <br> 2.Right-click the Web server choose Properties from the context menu. 
<br> 3.Master Properties <br> 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration <br> and remove the reference to .shtml/shtm and sht from the list.<br> <br> Risk factor : Medium<br> <a href="http://cgi.nessus.org/cve.php3?cve=CAN-2002-0072">CVE : CAN-2002-0072</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_80_tcp"></a>http (80/tcp)</td> <td class=default width="80%"><br> The remote web server appears to be running with<br> Frontpage extensions. <br> <br> You should double check the configuration since<br> a lot of security problems have been found with<br> FrontPage when the configuration file is<br> not well set up.<br> <br> Risk factor : High if your configuration file is<br> not well set up<br> <a href="http://cgi.nessus.org/cve.php3?cve=CAN-2000-0114">CVE : CAN-2000-0114</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_80_tcp"></a>http (80/tcp)</td> <td class=default width="80%"><br> IIS web server may allow remote users to read sensitive information<br> from .cnf files.<br> <br> Example, http://target/_vti_pvt%5csvcacl.cnf<br> <br> Solution: If you do not need .cnf files, then delete them, otherwise use<br> suitable access control lists to ensure that the .cnf files are not<br> world-readable. 
The files found on the server are as follows: /_vti_pvt%5caccess.cnf<br> /_vti_pvt%5csvcacl.cnf<br> /_vti_pvt%5cwriteto.cnf<br> /_vti_pvt%5cservice.cnf<br> /_vti_pvt%5cservices.cnf was found on web server.<br> .cnf files can give away confidential information regarding server configuration<br> Risk factor : Medium</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_80_tcp"></a>http (80/tcp)</td> <td class=default width="80%"><br> The IIS server appears to have the .IDA ISAPI filter mapped.<br> <br> At least one remote vulnerability has been discovered for the .IDA<br> (indexing service) filter. This is detailed in Microsoft Advisory<br> MS01-033, and gives remote SYSTEM level access to the web server. <br> <br> It is recommended that even if you have patched this vulnerability that<br> you unmap the .IDA extension, and any other unused ISAPI extensions<br> if they are not required for the operation of your site.<br> <br> Solution: <br> To unmap the .IDA extension:<br> 1.Open Internet Services Manager. <br> 2.Right-click the Web server choose Properties from the context menu. 
<br> 3.Master Properties <br> 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration <br> and remove the reference to .ida from the list.<br> <br> Risk factor : Medium<br> <a href="http://cgi.nessus.org/cve.php3?cve=CAN-2002-0071">CVE : CAN-2002-0071</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_80_tcp"></a>http (80/tcp)</td> <td class=default width="80%">A web server is running on this port</td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_80_tcp"></a>http (80/tcp)</td> <td class=default width="80%">The remote web server type is :<br> <br> Microsoft-IIS/5.0 <br> <br> Solution : You can use urlscan to change reported server for IIS.</td> </tr> <tr> <td valign=top class=default width="10%"><font color=red>Vulnerability</font></td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%"><br> . It was possible to log into the remote host using a NULL session.<br> The concept of a NULL session is to provide a null username and<br> a null password, which grants the user the 'guest' access<br> <br> To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and<br> Q246261 (Windows 2000). <br> Note that this won't completely disable null sessions, but will <br> prevent them from connecting to IPC$<br> <br> . All the smb tests will be done as ''/'' in domain </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The domain SID can be obtained remotely. 
Its value is :<br> <br> XXXXX : X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX<br> <br> An attacker can use it to obtain the list of the local users of this host<br> Solution : filter the ports 137 to 139 and 445<br> Risk factor : Low<br> <br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-2000-1200">CVE : CVE-2000-1200</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The host SID can be obtained remotely. Its value is :<br> <br> XXXXX : X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX<br> <br> An attacker can use it to obtain the list of the local users of this host<br> Solution : filter the ports 137 to 139 and 445<br> Risk factor : Low<br> <br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-2000-1200">CVE : CVE-2000-1200</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The domain SID could be used to enumerate the names of the users<br> of this domain. 
<br> (we only enumerated users name whose ID is between 1000 and 1020<br> for performance reasons)<br> This gives extra knowledge to an attacker, which<br> is not a good thing : <br> - Administrator account name : Administrateur (id 500)<br> - Guest account name : Invit (id 501)<br> - TsInternetUser (id 1000)<br> - IUSR_HOTE (id 1001)<br> - IWAM_HOTE (id 1002)<br> - HOTE$ (id 1006)<br> <br> Risk factor : Medium<br> Solution : filter incoming connections this port<br> <br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-2000-1200">CVE : CVE-2000-1200</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%"><br> The guest user belongs to groups other than <br> guest users or domain guests.<br> <br> As guest should not have any privilege, you should<br> fix this.<br> <br> Risk factor : Medium</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The following accounts have never changed their password :<br> <br> TsInternetUser<br> IUSR_HOTE<br> IWAM_HOTE<br> <br> <br> To minimize the risk of break-in, users should<br> change their password regularly</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The following accounts have never logged in :<br> <br> Invit <br> TsInternetUser<br> <br> <br> Unused accounts are very helpful to hacker<br> Solution : suppress these accounts<br> Risk factor : Medium</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The following accounts 
have passwords which never expire :<br> <br> Administrateur<br> Invit <br> TsInternetUser<br> IUSR_HOTE<br> IWAM_HOTE<br> <br> <br> Password should have a limited lifetime<br> Solution : disable password non-expiry<br> Risk factor : Medium</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">Here is the browse list of the remote host : <br> <br> HOTE - <br> <br> <br> This is potentially dangerous as this may help the attack<br> of a potential hacker by giving him extra targets to check for<br> <br> Solution : filter incoming traffic to this port<br> Risk factor : Low<br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The remote native lan manager is : Windows 2000 LAN Manager<br> The remote Operating System is : Windows 5.0<br> The remote SMB Domain Name is : HOTE<br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The following users are in the domain administrator group :<br> . 
Administrateur<br> <br> You should make sure that only the proper users are member of this<br> group<br> Risk factor : Low</td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_139_tcp"></a>netbios-ssn (139/tcp)</td> <td class=default width="80%">The following accounts are disabled :<br> <br> Invit <br> <br> <br> To minimize the risk of break-in, permanently disabled accounts<br> should be deleted<br> Risk factor : Low</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_593_tcp"></a>unknown (593/tcp)</td> <td class=default width="80%">This detects the http-rpc-epmap service by connecting<br> to the port 593 and processing the buffer received.<br> <br> This endpoint mapper provides CIS (COM+ Internet Services)<br> parameters like port 135 (epmap) for RPC.<br> <br> Solution:<br> Deny incoming traffic from the Internet to TCP port 593<br> as it may become a security threat in the future, if a<br> vulnerability is discovered.<br> <br> For more information about CIS:<br> http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp<br> <br> Risk factor : Low</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_1029_tcp"></a>unknown (1029/tcp)</td> <td class=default width="80%">There is a CIS (COM+ Internet Services) on this port<br> Server banner :<br> ncacn_http/1.0</td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_1080_tcp"></a>socks (1080/tcp)</td> <td class=default width="80%">An unknown service is running on this port.<br> It is usually reserved for SOCKS</td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_3269_tcp"></a>unknown (3269/tcp)</td> <td 
class=default width="80%">The service closed the connection after 1 seconds without sending any data<br> It might be protected by some TCP wrapper<br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_3389_tcp"></a>unknown (3389/tcp)</td> <td class=default width="80%"><br> The Terminal Services are enabled on the remote host.<br> <br> Terminal Services allow a Windows user to remotely obtain<br> a graphical login (and therefore act as a local user on the<br> remote host).<br> <br> If an attacker gains a valid login and password, he may<br> be able to use this service to gain further access<br> on the remote host.<br> <br> <br> Solution : Disable the Terminal Services if you do not use them<br> Risk factor : Low</td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_general_tcp"></a>general/tcp</td> <td class=default width="80%">Nmap found that this host is running Windows Millennium Edition (Me), Win 2000, or WinXP<br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_137_udp"></a>netbios-ns (137/udp)</td> <td class=default width="80%">. The following 12 NetBIOS names have been gathered :<br> HOTE <br> HOTE <br> HOTE05 <br> HOTE05 <br> HOTE05 <br> HOTE <br> HOTE05 <br> HOTE05 <br> __MSBROWSE__ <br> INet~Services <br> IS~SRVHOTE <br> ADMINISTRATEUR <br> . 
The remote host has the following MAC address on its adapter :<br> 0xXX 0xXX 0xXX 0xXX 0xXX 0xXX <br> <br> If you do not want to allow everyone to find the NetBios name<br> of your computer, you should filter incoming traffic to this port.<br> <br> Risk factor : Medium</td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_19_udp"></a>chargen (19/udp)</td> <td class=default width="80%">The chargen service is running.<br> The 'chargen' service should only be enabled when testing the machine. <br> <br> When contacted, chargen responds with some random (something like all <br> the characters in the alphabet in row). When contacted via UDP, it <br> will respond with a single UDP packet. When contacted via TCP, it will <br> continue spewing characters until the client closes the connection. <br> <br> An easy attack is 'pingpong' which IP spoofs a packet between two machines<br> running chargen. They will commence spewing characters at each other, slowing<br> the machines down and saturating the network. <br> <br> Solution : disable this service in /etc/inetd.conf.<br> <br> Risk factor : Low<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_13_udp"></a>daytime (13/udp)</td> <td class=default width="80%">The daytime service is running.<br> The date format issued by this service<br> may sometimes help an attacker to guess<br> the operating system type. 
<br> <br> In addition to that, when the UDP version of<br> daytime is running, an attacker may link it <br> to the echo port using spoofing, thus creating<br> a possible denial of service.<br> <br> Solution : disable this service in /etc/inetd.conf.<br> <br> Risk factor : Low<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_7_udp"></a>echo (7/udp)</td> <td class=default width="80%">The 'echo' port is open. This port is<br> not of any use nowadays, and may be a source of problems, <br> since it can be used along with other ports to perform a denial<br> of service. You should really disable this service.<br> <br> Risk factor : Low<br> <br> Solution : comment out 'echo' in /etc/inetd.conf<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_17_udp"></a>qotd (17/udp)</td> <td class=default width="80%">The quote service (qotd) is running.<br> <br> A server listens for TCP connections on TCP port 17. Once a connection <br> is established a short message is sent out the connection (and any <br> data received is thrown away). The service closes the connection <br> after sending the quote.<br> <br> Another quote of the day service is defined as a datagram based<br> application on UDP. A server listens for UDP datagrams on UDP port 17.<br> When a datagram is received, an answering datagram is sent containing <br> a quote (the data in the received datagram is ignored).<br> <br> <br> An easy attack is 'pingpong' which IP spoofs a packet between two machines<br> running qotd. 
They will commence spewing characters at each other, slowing<br> the machines down and saturating the network.<br> <br> <br> <br> Solution : disable this service in /etc/inetd.conf.<br> <br> Risk factor : Low<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0103">CVE : CVE-1999-0103</a><br> </td> </tr> <tr> <td valign=top class=default width="10%">Informational</td> <td valign=top class=default width="10%"><a name="www_hote_com_general_udp"></a>general/udp</td> <td class=default width="80%">For your information, here is the traceroute to XXX.XXX.XXX.XXX : <br> XXX.X.X.XXX<br> XXX.XXX.XXX.XXX<br> </td> </tr> <tr> <td valign=top class=default width="10%">Warning</td> <td valign=top class=default width="10%"><a name="www_hote_com_123_udp"></a>ntp (123/udp)</td> <td class=default width="80%"><br> An NTP server is running on the remote host. Make sure that<br> you are running the latest version of your NTP server,<br> has some versions have been found out to be vulnerable to<br> buffer overflows.<br> <br> *** Nessus reports this vulnerability using only<br> *** information that was gathered. Use caution<br> *** when testing without safe checks enabled.<br> <br> If you happen to be vulnerable : upgrade<br> Solution : Upgrade<br> Risk factor : High<br> <a href="http://cgi.nessus.org/cve.php3?cve=CVE-2001-0414">CVE : CVE-2001-0414</a><br> </td> </tr> </table></td> </tr> </tbody> </table> <hr> <i>This file was generated by <a href="http://www.nessus.org">Nessus</a>, the open-sourced security scanner.</i> </TD> </body></html>