Windows XP Default Install

Scan was completed with Nessus 2.0 and NMAP.

 

Nessus Scan Report

This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

 

Scan Details

Hosts which were alive and responding during test : 1
Number of security holes found : 1
Number of security warnings found : 8

 

Host List

Host(s)            Possible Issue
151.108.232.190    Security hole(s) found


Analysis of Host

Address of Host    Port/Service               Issue regarding Port
151.108.232.190    netbios-ssn (139/tcp)      Security hole found
151.108.232.190    loc-srv (135/tcp)          Security warning(s) found
151.108.232.190    microsoft-ds (445/tcp)     Security notes found
151.108.232.190    LSA-or-nterm (1026/tcp)    Security notes found
151.108.232.190    UPnP (5000/tcp)            Security notes found
151.108.232.190    ntp (123/udp)              Security warning(s) found
151.108.232.190    general/udp                Security notes found
151.108.232.190    general/icmp               Security warning(s) found
151.108.232.190    general/tcp                Security warning(s) found
151.108.232.190    netbios-ns (137/udp)       Security warning(s) found
151.108.232.190    ms-lsa (1028/udp)          Security notes found

 

Security Issues and Fixes: 151.108.232.190

Type

Port

Issue and Fix

Vulnerability

netbios-ssn (139/tcp)


. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access

To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html

. All the smb tests will be done as ''/''
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
BID : 990
Nessus ID : 10394

Warning

netbios-ssn (139/tcp)

The domain SID can be obtained remotely. Its value is :

WORKGROUP : 0-0-0-0-0

An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low

CVE : CVE-2000-1200
BID : 959
Nessus ID : 10398

Warning

netbios-ssn (139/tcp)

The host SID can be obtained remotely. Its value is :

TEST-NNT8C1V6TP : 5-21-1202660629-2146845795-1343024091

An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low

CVE : CVE-2000-1200
BID : 959
Nessus ID : 10859

Warning

netbios-ssn (139/tcp)

Here is the browse list of the remote host :

INTSERVTEST01 -
TEST-NNT8C1V6 -


This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for

Solution : filter incoming traffic to this port
Risk factor : Low

Nessus ID : 10397

Informational

netbios-ssn (139/tcp)

The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.1
The remote SMB Domain Name is : WORKGROUP

Nessus ID : 10785

Warning

loc-srv (135/tcp)


DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.

An attacker may use this fact to gain more knowledge
about the remote host.

Solution : filter incoming traffic to this port.
Risk factor : Low
Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\AudioSrv]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\tapsrv]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncalrpc[tapsrvlpc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncalrpc[wzcsvc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncalrpc[OLE5]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\AudioSrv]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\tapsrv]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncalrpc[tapsrvlpc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncalrpc[wzcsvc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncalrpc[OLE5]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\AudioSrv]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\tapsrv]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncalrpc[tapsrvlpc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncalrpc[wzcsvc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncalrpc[OLE5]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\AudioSrv]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\tapsrv]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncalrpc[tapsrvlpc]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncalrpc[wzcsvc]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncalrpc[OLE5]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\wkssvc]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\keysvc]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncalrpc[keysvc]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\W32TIME]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\trkwks]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncalrpc[trkwks]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\SECLOGON]
Annotation: Messenger Service

Nessus ID : 10736

Informational

loc-srv (135/tcp)

A DCE service is listening on this host
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\msgsvc]
Annotation: Messenger Service

Nessus ID : 10736

Informational

microsoft-ds (445/tcp)

A CIFS server is running on this port
Nessus ID : 11011

Informational

LSA-or-nterm (1026/tcp)

A DCE service is listening on this port
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:151.108.232.190[1026]

Nessus ID : 10736

Informational

LSA-or-nterm (1026/tcp)

A DCE service is listening on this port
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:151.108.232.190[1026]

Nessus ID : 10736

Informational

LSA-or-nterm (1026/tcp)

A DCE service is listening on this port
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncacn_ip_tcp:151.108.232.190[1026]

Nessus ID : 10736

Informational

LSA-or-nterm (1026/tcp)

A DCE service is listening on this port
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_ip_tcp:151.108.232.190[1026]
Annotation: Messenger Service

Nessus ID : 10736

Informational

UPnP (5000/tcp)

A web server is running on this port
Nessus ID : 10330

Warning

ntp (123/udp)


An NTP server is running on the remote host. Make sure that
you are running the latest version of your NTP server,
as some versions have been found to be vulnerable to
buffer overflows.

*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.

If you happen to be vulnerable : upgrade
Solution : Upgrade
Risk factor : High
CVE : CVE-2001-0414
BID : 2540
Nessus ID : 10647

Informational

ntp (123/udp)


It is possible to determine a lot of information about the remote host
by querying the NTP variables - these include OS descriptor, and
time settings.

Theoretically one could work out the NTP peer relationships and track back
network settings from this.

Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore

Risk factor : Low
Nessus ID : 10884

Informational

general/udp

For your information, here is the traceroute to 151.108.232.190 :
151.108.232.190

Nessus ID : 10287

Warning

general/icmp


The remote host answers to an ICMP timestamp
request. This allows an attacker to know the
date which is set on your machine.

This may help him to defeat all your
time based authentication protocols.

Solution : filter out the ICMP timestamp
requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor : Low
CVE : CAN-1999-0524
Nessus ID : 10114

Warning

general/tcp


The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.

An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.

Solution : Contact your vendor for a patch
Risk factor : Low
Nessus ID : 10201

Informational

general/tcp

Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP

CVE : CAN-1999-0454
Nessus ID : 11268

Warning

netbios-ns (137/udp)

. The following 6 NetBIOS names have been gathered :
TEST-NNT8C1V6TP
WORKGROUP
TEST-NNT8C1V6TP
TEST-NNT8C1V6TP
WORKGROUP
TESTOR
. The remote host has the following MAC address on its adapter :
0x00 0x50 0xda 0x5a 0x26 0x11

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium
CVE : CAN-1999-0621
Nessus ID : 10150

Informational

ms-lsa (1028/udp)

A DCE service is listening on this port
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:151.108.232.190[1028]
Annotation: Messenger Service

Nessus ID : 10736


This file was generated by Nessus, the open-sourced security scanner.