Information found on port general/tcp
The remote host is up
Nessus ID : 10180
Information found on port general/tcp
193.165.105.179 resolves as skola.no-ip.info.
Nessus ID : 12053
Information found on port general/tcp
Remote operating system : Linux Kernel 2.4 on Debian 3.1 (sarge)
Confidence Level : 95
Method : SSH
The remote host is running Linux Kernel 2.4 on Debian 3.1 (sarge)
Nessus ID : 11936
Information found on port general/tcp
Synopsis :
The remote service implements TCP timestamps.
Description :
The remote host implements TCP timestamps, as defined by RFC1323.
A side effect of this feature is that the uptime of the remote
host can sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt
Risk factor :
None
Nessus ID : 25220
Information found on port general/tcp
Information about this scan :
Nessus version : 2.2.8 (Nessus 2.2.10 is available - consider upgrading)
Plugin feed version : 200709271215
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.2.155
Port scanner(s) : nessus_tcp_scanner
Port range : 1-15000
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Max hosts : 20
Max checks : 4
Scan Start Date : 2007/9/28 2:44
Scan duration : 390 sec
Nessus ID : 19506
Information found on port msft-gc-ssl (3269/tcp)
The service closed the connection after 0 seconds without sending any data
It might be protected by some TCP wrapper
Nessus ID : 10330
Warning found on port ms-wbt-server (3389/tcp)
Synopsis :
It may be possible to get access to the remote host.
Description :
The remote version of Remote Desktop Protocol Server (Terminal Service) is
vulnerable to a man in the middle attack.
An attacker may exploit this flaw to decrypt communications between client
and server and obtain sensitive information (passwords, ...).
Solution :
Force the use of SSL as a transport layer for this service.
See also :
http://www.oxid.it/downloads/rdp-gbu.pdf
http://www.nessus.org/u?c544b1fa
Risk factor :
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
CVE : CVE-2005-1794
BID : 13818
Other references : OSVDB:17131
Nessus ID : 18405
Information found on port ms-wbt-server (3389/tcp)
Synopsis :
The remote Windows host has Terminal Services enabled.
Description :
Terminal Services allows a Windows user to remotely obtain a graphical
login (and therefore act as a local user on the remote host).
If an attacker gains a valid login and password, he may be able to use
this service to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack against the
remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimate users by impersonating the Windows server.
Solution :
Disable Terminal Services if you do not use it, and do not allow this
service to run across the Internet.
Risk factor :
None
Nessus ID : 10940
Warning found on port vnc-http (5800/tcp)
The remote server is running VNC.
VNC permits a console to be displayed remotely.
Solution: Disable VNC access from the network by
using a firewall, or stop VNC service if not needed.
Risk factor : Medium
Nessus ID : 10758
Information found on port vnc-http (5800/tcp)
A web server is running on this port
Nessus ID : 10330
Information found on port vnc-http (5800/tcp)
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
RealVNC/4.0
Nessus ID : 10107
Information found on port vnc-http (5800/tcp)
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem
Solution :
None.
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Server: RealVNC/4.0
Date: Thu, 27 Sep 2007 22:46:33 GMT
Last-Modified: Thu, 27 Sep 2007 22:46:33 GMT
Content-Length: 240
Connection: close
Content-Type: text/html
Nessus ID : 24260
Information found on port vnc (5900/tcp)
Synopsis :
The remote host is running a remote display software (VNC).
Description :
The remote server is running VNC, a software which permits a console
to be displayed remotely. This allows users to control the host
remotely.
Solution :
Make sure the use of this software is done in accordance with your
corporate security policy and filter incoming traffic to this port.
Risk factor :
None
Plugin output :
The version of the VNC protocol is : RFB 004.000
Nessus ID : 10342
Information found on port vnc (5900/tcp)
The remote VNC server supports those security types:
+ 5 (RA2)
Nessus ID : 19288
Information found on port ssh (22/tcp)
An ssh server is running on this port
Nessus ID : 10330
Information found on port ssh (22/tcp)
Synopsis :
An SSH server is listening on this port.
Description :
It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Risk factor :
None
Plugin output :
SSH version : SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6
SSH supported authentication : publickey,keyboard-interactive
Nessus ID : 10267
Information found on port ssh (22/tcp)
Synopsis :
A SSH server is running on the remote host.
Description :
This plugin determines which versions of the SSH protocol
the remote SSH daemon supports.
Risk factor :
None
Plugin output :
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.99
. 2.0
SSHv2 host key fingerprint : be:f5:1f:31:d7:19:59:7b:02:d8:2b:2b:ff:de:9b:5c
Nessus ID : 10881
Information found on port hosts2-ns (81/tcp)
A web server is running on this port
Nessus ID : 10330
Information found on port hosts2-ns (81/tcp)
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
RomPager/4.07 UPnP/1.0
Nessus ID : 10107
Information found on port hosts2-ns (81/tcp)
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem
Solution :
None.
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT
Headers :
WWW-Authenticate: Basic realm="Prestige 650R-33"
Content-Type: text/html
Transfer-Encoding: chunked
Server: RomPager/4.07 UPnP/1.0
Connection: close
EXT:
Nessus ID : 24260
Information found on port unknown (1028/tcp)
A CIS (COM+ Internet Services) server is listening on this port
Server banner :
ncacn_http/1.0
Nessus ID : 10761
Information found on port pptp (1723/tcp)
Synopsis :
A VPN server is listening on the remote port.
Description :
The remote host is running a PPTP (Point-to-Point Tunneling Protocol)
server. It allows users to set up a tunnel between their host and the
network the remote host is attached to.
Make sure the use of this software is done in accordance with your
corporate security policy.
Solution :
Disable this software if you do not use it
Risk factor :
None
Plugin output :
It was possible to extract the following information from the remote PPTP server :
Firmware Version : 3790
Vendor Name : Microsoft
Nessus ID : 10622
Warning found on port domain (53/udp)
Synopsis :
Remote DNS server is vulnerable to cache snooping attacks.
Description :
The remote DNS server answers to queries for third-party domains which
do not have the recursion bit set.
This may allow a remote attacker to determine which domains have
recently been resolved via this name server, and therefore which hosts
have been recently visited.
For instance, if an attacker was interested in whether your company
utilizes the online services of a particular financial institution,
they would be able to use this attack to build a statistical model
regarding company usage of aforementioned financial institution. Of
course, the attack can also be used to find B2B partners, web-surfing
patterns, external mail servers, and more...
See also :
For a much more detailed discussion of the potential risks of allowing
DNS cache information to be queried anonymously, please see:
http://www.nessus.org/u?0f22a4a4
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Nessus ID : 12217
Warning found on port domain (53/udp)
Synopsis :
The remote name server allows recursive queries to be performed
by the host running nessusd.
Description :
It is possible to query the remote name server for third party names.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third-party names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.
See also :
http://www.cert.org/advisories/CA-1997-22.html
Solution :
Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf
If you are using another name server, consult its documentation.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE : CVE-1999-0024
BID : 136, 678
Nessus ID : 10539
Information found on port domain (53/udp)
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
Nessus ID : 11002
Information found on port domain (53/udp)
Nessus was not able to reliably identify the remote DNS server type.
It might be :
ISC BIND 9.3.0
ISC BIND 9.3.1
The fingerprint differs from these known signatures on 2 points.
If you know which DNS server this host is actually running, please send this signature to
dns-signatures@nessus.org :
4q:2:5:1q:1:1q:1q:1q:1q:0X:0AAX:0X:0X:0Z0X:0X:0X:4q:4q:4q:0X:0X:2:0AAXD:
Nessus ID : 11951
Information found on port domain (53/tcp)
Synopsis :
It is possible to obtain the version number of the remote DNS server.
Description :
The remote host is running BIND, an open-source DNS server. It is possible
to extract the version number of the remote installation by sending
a special DNS request for the text 'version.bind' in the domain 'chaos'.
Solution :
It is possible to hide the version number of bind by using the 'version'
directive in the 'options' section in named.conf
Risk factor :
None
Plugin output:
The version of the remote BIND server is : ns1.skynet.cz
Other references : OSVDB:23
Nessus ID : 10028
Information found on port domain (53/tcp)
A DNS server is running on this port but it only
answers to UDP requests.
This means that TCP requests are blocked by a firewall.
This configuration is not RFC-compliant. Contrary to
common belief, TCP transport is not restricted to zone
transfers (AXFR) :
- answers bigger than 512 bytes are always transmitted
over TCP.
- for all other requests, UDP is only 'preferred' for
performance reasons. i.e. RFC1035 (STD0013) does not forbid
a DNS client from issuing its queries directly over TCP.
** If you are sure that your DNS server will never return
** answers bigger than 512 bytes and that the client
** software prefers UDP (which is nearly certain), you may
** disregard this message.
Read RFC1035 (STD0013) for more information.
Risk factor : None
Nessus ID : 18356
Information found on port general/udp
For your information, here is the traceroute from 192.168.2.155 to 193.165.105.179 :
192.168.2.155
192.168.2.1
89.177.117.1
86.49.54.1
194.50.100.30
193.165.111.7
193.165.105.179
Nessus ID : 10287