Nessus Scan Report
------------------

SUMMARY

 - Number of hosts which were alive during the test : 1
 - Number of security holes found : 1
 - Number of security warnings found : 8
 - Number of security notes found : 35

TESTED HOSTS

 151.108.232.190 (Security holes found)

DETAILS

+ 151.108.232.190 :
 . List of open ports :
   o loc-srv (135/tcp) (Security warnings found)
   o netbios-ssn (139/tcp) (Security hole found)
   o microsoft-ds (445/tcp) (Security notes found)
   o NFS-or-IIS (1025/tcp) (Security notes found)
   o UPnP (5000/tcp) (Security notes found)
   o unknown (8849/tcp)
   o general/udp (Security notes found)
   o ntp (123/udp) (Security warnings found)
   o general/tcp (Security warnings found)
   o general/icmp (Security warnings found)
   o netbios-ns (137/udp) (Security warnings found)
   o unknown (1027/udp) (Security notes found)

 . Warning found on port loc-srv (135/tcp)

    DCE services running on the remote can be enumerated by connecting on port 135 and doing the appropriate queries.
    An attacker may use this fact to gain more knowledge about the remote host.

    Solution : filter incoming traffic to this port.
    Risk factor : Low

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1
    Endpoint: ncalrpc[LRPC00000424.00000001]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
    Endpoint: ncalrpc[wzcsvc]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
    Endpoint: ncalrpc[OLE3]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
    Endpoint: ncalrpc[wzcsvc]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
    Endpoint: ncalrpc[OLE3]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
    Endpoint: ncalrpc[wzcsvc]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
    Endpoint: ncalrpc[OLE3]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncalrpc[wzcsvc]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncalrpc[OLE3]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\atsvc]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncalrpc[AudioSrv]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\wkssvc]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\keysvc]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncalrpc[keysvc]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\W32TIME]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\pipe\trkwks]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncalrpc[trkwks]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\SECLOGON]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\msgsvc]
    Annotation: Messenger Service

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\DAV RPC SERVICE]

 . Information found on port loc-srv (135/tcp)

    A DCE service is listening on this host
    UUID: 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1
    Endpoint: ncacn_np:\\TEST-NNT8C1V6TP[\PIPE\winreg]

 . Vulnerability found on port netbios-ssn (139/tcp) :

    . It was possible to log into the remote host using a NULL session.
    The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access

    To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000).
    Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$
    Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html

    . All the smb tests will be done as ''/''

    CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
    BID : 990

 . Warning found on port netbios-ssn (139/tcp)

    The domain SID can be obtained remotely. Its value is :

    WORKGROUP : 0-0-0-0-0

    An attacker can use it to obtain the list of the local users of this host
    Solution : filter the ports 137 to 139 and 445
    Risk factor : Low
    CVE : CVE-2000-1200
    BID : 959

 . Warning found on port netbios-ssn (139/tcp)

    The host SID can be obtained remotely. Its value is :

    TEST-NNT8C1V6TP : 5-21-1202660629-2146845795-1343024091

    An attacker can use it to obtain the list of the local users of this host
    Solution : filter the ports 137 to 139 and 445
    Risk factor : Low
    CVE : CVE-2000-1200
    BID : 959

 . Warning found on port netbios-ssn (139/tcp)

    Here is the browse list of the remote host :

    INTSERVTEST01 -
    TEST-NNT8C1V6 -

    This is potentially dangerous as this may help the attack of a potential hacker by giving him extra targets to check for

    Solution : filter incoming traffic to this port
    Risk factor : Low

 . Information found on port netbios-ssn (139/tcp)

    The remote native lan manager is : Windows 2000 LAN Manager
    The remote Operating System is : Windows 5.1
    The remote SMB Domain Name is : WORKGROUP

 . Information found on port microsoft-ds (445/tcp)

    A CIFS server is running on this port

 . Information found on port NFS-or-IIS (1025/tcp)

    A DCE service is listening on this port
    UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
    Endpoint: ncacn_ip_tcp:151.108.232.190[1025]

 . Information found on port NFS-or-IIS (1025/tcp)

    A DCE service is listening on this port
    UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
    Endpoint: ncacn_ip_tcp:151.108.232.190[1025]

 . Information found on port NFS-or-IIS (1025/tcp)

    A DCE service is listening on this port
    UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
    Endpoint: ncacn_ip_tcp:151.108.232.190[1025]

 . Information found on port NFS-or-IIS (1025/tcp)

    A DCE service is listening on this port
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncacn_ip_tcp:151.108.232.190[1025]
    Annotation: Messenger Service

 . Information found on port UPnP (5000/tcp)

    A web server is running on this port

 . Information found on port general/udp

    For your information, here is the traceroute to 151.108.232.190 :
    151.108.232.190

 . Warning found on port ntp (123/udp)

    An NTP server is running on the remote host. Make sure that you are running the latest version of your NTP server, has some versions have been found out to be vulnerable to buffer overflows.

    *** Nessus reports this vulnerability using only
    *** information that was gathered. Use caution
    *** when testing without safe checks enabled.

    If you happen to be vulnerable : upgrade

    Solution : Upgrade
    Risk factor : High
    CVE : CVE-2001-0414
    BID : 2540

 . Information found on port ntp (123/udp)

    It is possible to determine a lot of information about the remote host by querying the NTP variables - these include OS descriptor, and time settings.

    Theoretically one could work out the NTP peer relationships and track back network settings from this.

    Quickfix: Set NTP to restrict default access to ignore all info packets:
        restrict default ignore

    Risk factor : Low

 . Warning found on port general/tcp

    The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host.

    An attacker may use this feature to determine if the remote host sent a packet in reply to another request. This may be used for portscanning and other things.

    Solution : Contact your vendor for a patch
    Risk factor : Low

 . Information found on port general/tcp

    Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP

    CVE : CAN-1999-0454

 . Warning found on port general/icmp

    The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine.

    This may help him to defeat all your time based authentication protocols.

    Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

    Risk factor : Low
    CVE : CAN-1999-0524

 . Warning found on port netbios-ns (137/udp)

    . The following 5 NetBIOS names have been gathered :
     TEST-NNT8C1V6TP
     WORKGROUP
     TEST-NNT8C1V6TP
     TEST-NNT8C1V6TP
     WORKGROUP

    . The remote host has the following MAC address on its adapter :
     0x00 0x50 0xda 0x5a 0x26 0x11

    If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port.

    Risk factor : Medium
    CVE : CAN-1999-0621

 . Information found on port unknown (1027/udp)

    A DCE service is listening on this port
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncadg_ip_udp:151.108.232.190[1027]
    Annotation: Messenger Service

------------------------------------------------------
This file was generated by the Nessus Security Scanner