I scanned one of my firewalls just for the fun of it. We've been using Nessus for scanning a client's network to prepare for a security audit. Nothing fancy, just a "default, don't DOS or destroy anything" type of scan. Thought you all might be interested. Dach CD 1.02 (I updated some packages a while back, libz...)

It says the WWW server crashed. This is Weblet. It didn't crash really, it kinda got confused. When I looked it was running 20 or so servers, a bunch of seds, and was not responding to requests. I killed a bunch of processes, then it restarted itself.

Here it is...

Nessus Scan Report
------------------
SUMMARY
- Number of hosts which were alive during the test : 1
- Number of security holes found : 0
- Number of security warnings found : 6
- Number of security notes found : 9
TESTED HOSTS
64.252.129.83 (Security warnings found)
DETAILS
+ 64.252.129.83 :
. List of open ports :
o general/tcp (Security warnings found)
o ssh (22/tcp) (Security warnings found)
o http (80/tcp) (Security warnings found)
o unknown (5901/tcp) (Security warnings found)
o general/udp (Security notes found)
. Warning found on port general/tcp
The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host.
An attacker may use this feature to determine if the remote host sent a packet in reply to another request. This may be used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
. Information found on port general/tcp
"Default scan" set. nmap will ignore the user specified port range and scan only the 1024 first ports and those declared in nmap-services
. Information found on port general/tcp
Nmap found that this host is running Linux 2.1.122 - 2.2.16
. Warning found on port ssh (22/tcp)
The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
. Warning found on port ssh (22/tcp)
You are running a version of OpenSSH older than OpenSSH 3.2.1
A buffer overflow exists in the daemon if AFS is enabled on your system, or if the options KerberosTgtPassing or AFSTokenPassing are enabled. Even in this scenario, the vulnerability may be avoided by enabling UsePrivilegeSeparation.
Versions prior to 2.9.9 are vulnerable to a remote root exploit. Versions prior to 3.2.1 are vulnerable to a local root exploit.
Solution : Upgrade to the latest version of OpenSSH
Risk factor : High
. Information found on port ssh (22/tcp)
a ssh server is running on this port
. Information found on port ssh (22/tcp)
Remote SSH version : SSH-1.99-OpenSSH_3.1p1
. Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
. Warning found on port http (80/tcp)
The port was detected as opened by scanner but is now closed. The service was probably crashed by the scanner
. Information found on port http (80/tcp)
a web server is running on this port
. Information found on port http (80/tcp)
The remote web server type is : ShellHTTPD/0.4.1
We recommend that you configure your web server to return bogus versions in order to not leak information
. Information found on port http (80/tcp)
For your information, here is the list of CGIs that are used by the remote host, as well as their arguments :
Syntax: cginame (arguments [default value])
/cgi-bin/checkfw ( verbose )
/cgi-bin/checkmem ( verbose )
/cgi-bin/checkdisk ( verbose )
/cgi-bin/viewlogs ( messages )
/cgi-bin/viewlogs-www ( sh-httpd.log )
. Warning found on port unknown (5901/tcp)
The remote server is running VNC.
VNC permits a console to be displayed remotely.
Solution: Disable VNC access from the network by using a firewall, or stop VNC service if not needed.
Risk factor : Medium
. Warning found on port unknown (5901/tcp)
Version of VNC Protocol is: RFB 003.003
. Information found on port general/udp
For your information, here is the traceroute to 64.252.129.83 :
192.168.1.254
64.252.129.83
------------------------------------------------------
This file was generated by the Nessus Security Scanner