Scan Report. March 6, 2015

Transcription

1 Scan Report March 6, 2015 This document reports on the results of an automatic security scan. The scan started at Fri Mar 6 14:15: UTC and ended at Fri Mar 6 14:25: UTC. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue. Contents 1 Result Overview 2 2 Results per Host general/tcp general/icmp general/cpe-t /tcp /tcp /udp /udp

2 2 RESULTS PER HOST 2 1 Result Overview Host High Medium Low False Positive ELS-WINXP Total: Vendor security updates are not trusted. Overrides are on. When a result has an override, this report uses the threat of the override. Notes are included in the report. This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level Debug are not shown. Issues with the threat level False Positive are not shown. This report contains all 12 results selected by the filtering described above. there were 12 results. Before filtering 2 Results per Host Host scan start Host scan end Fri Mar 6 14:15: UTC Fri Mar 6 14:25: UTC Service (Port) general/tcp general/icmp general/cpe-t 445/tcp 139/tcp 137/udp 123/udp Threat Level general/tcp (CVSS: 7.8) NVT: 3com switch2hub The remote host is subject to the switch to hub flood attack. Description :

3 2 RESULTS PER HOST 3 The remote host on the local network seems to be connected through a switch which can be turned into a hub when flooded by different mac addresses. The theory is to send a lot of packets (> ) to the port of the switch we are connected to, with random mac addresses. This turns the switch into learning mode, where traffic goes everywhere. An attacker may use this flaw in the remote switch to sniff data going to this host Reference : OID of test routine: Fake IP address not specified. Skipping this check. Solution Lock Mac addresses on each port of the remote switch or buy newer switch. Vulnerability Detection Method Details:3com switch2hub OID: Version used: $Revision: 15 $ NVT: OS fingerprinting This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine remote operating system version. OID of test routine: ICMP based OS fingerprint results: (91% confidence) Microsoft Windows

4 2 RESULTS PER HOST 4 Details:OS fingerprinting OID: Version used: $Revision: 43 $ References Other: URL: NVT: Traceroute A traceroute from the scanning server to the target system was conducted. This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct. OID of test routine: Here is the route from to : Solution Block unwanted packets from escaping your network. Details:Traceroute OID: Version used: $Revision: 975 $ general/icmp

5 2 RESULTS PER HOST 5 NVT: ICMP Timestamp Detection The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. This information could theoretically be used to exploit weak time-based random number generators in other services. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Details:ICMP Timestamp Detection OID: Version used: $Revision: 13 $ References CVE: CVE Other: URL: general/cpe-t NVT: CPE Inventory This routine uses information collected by other routines about CPE identities ( of operating systems, services and applications detected during the scan. OID of test routine:

6 2 RESULTS PER HOST cpe:/o:microsoft:windows Details:CPE Inventory OID: Version used: $Revision: 314 $ /tcp NVT: SMB NativeLanMan It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication. OID of test routine: : It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication.detected SMB workgroup: WORKGROUP Detected SMB server: Windows 2000 LAN Manager Detected OS: Windows 5.1 Details:SMB NativeLanMan OID: Version used: $Revision: 43 $ NVT: SMB log in

7 2 RESULTS PER HOST 7 This script attempts to logon into the remote host using login/password credentials. OID of test routine: It was possible to log into the remote host using the SMB protocol. Details:SMB log in OID: Version used: $Revision: 1032 $ NVT: SMB on port 445 This script detects wether port 445 and 139 are open and if thet are running SMB servers. OID of test routine: A CIFS server is running on this port Details:SMB on port 445 OID: Version used: $Revision: 41 $ NVT: SMB Brute Force ins With Default Credentials A number of known default credentials is tried for log in via SMB protocol.

8 2 RESULTS PER HOST 8 OID of test routine: It was possible to log into the remote host using the SMB protocol. Solution Change the password as soon as possible. Details:SMB Brute Force ins With Default Credentials OID: Version used: $Revision: 549 $ /tcp NVT: SMB on port 445 This script detects wether port 445 and 139 are open and if thet are running SMB servers. OID of test routine: An SMB server is running on this port Details:SMB on port 445 OID: Version used: $Revision: 41 $ /udp

9 2 RESULTS PER HOST 9 NVT: Using NetBIOS to retrieve information from a Windows host The NetBIOS port is open (UDP:137). A remote attacker may use this to gain access to sensitive information such as computer name, workgroup/domain name, currently logged on user name, etc. OID of test routine: The following 6 NetBIOS names have been gathered : ELS-WINXP = This is the computer name registered for workstation services by a WINS client. WORKGROUP = Workgroup / Domain name ELS-WINXP = Computer name WORKGROUP = Workgroup / Domain name (part of the Browser elections) WORKGROUP MSBROWSE The remote host has the following MAC address on its adapter : 00:50:56:b1:ab:1b If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port. Solution Block those ports from outside communication Details:Using NetBIOS to retrieve information from a Windows host OID: Version used: $Revision: 41 $ /udp NVT: NTP read variables A NTP (Network Time Protocol) server is listening on this port.

10 2 RESULTS PER HOST 10 OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Details:NTP read variables OID: Version used: $Revision: 487 $ This file was automatically generated.