Nessus Scan Report
------------------

SUMMARY

 - Number of hosts which were alive during the test : 1
 - Number of security holes found : 2
 - Number of security warnings found : 5
 - Number of security notes found : 6

TESTED HOSTS

 217.79.68.5 (Security holes found)

DETAILS

+ 217.79.68.5 :
 . List of open ports :
   o ftp (21/tcp) (Security hole found)
   o smtp (25/tcp) (Security notes found)
   o domain (53/tcp) (Security warnings found)
   o www (80/tcp) (Security hole found)
   o pop3 (110/tcp) (Security notes found)
   o smux (199/tcp)
   o general/udp (Security notes found)
   o general/tcp (Security warnings found)
   o general/icmp (Security warnings found)

 . Vulnerability found on port ftp (21/tcp) :

    The remote FTP server closes the connection when one of the
    commands USER, PASS or HELP is given with a too long argument.

    This probably due to a buffer overflow, which allows anyone to
    execute arbitrary code on the remote host.

    This problem is threatening, because the attackers don't need an
    account to exploit this flaw.

    Solution : Upgrade your FTP server or change it
    Risk factor : High

 . Information found on port ftp (21/tcp)

    Remote FTP server banner :
    proftpd 1.2.4 server (debian) [eos.dobrich.net]

 . Information found on port smtp (25/tcp)

    Remote SMTP server banner :
    eos.dobrich.net ESMTP Postfix (Debian/GNU)
    502 Error: command not implemented

 . Warning found on port domain (53/tcp)

    The remote name server allows DNS zone transfers to be performed.
    This information is of great use to a cracker who may use it to
    gain information about the topology of your network and spot new
    targets.

    Solution: Restrict DNS zone transfers to only the servers that
    absolutely need it.

    Risk factor : Medium

 . Warning found on port domain (53/tcp)

    The remote name server allows recursive queries to be performed
    by the host running nessusd.

    If this is your internal nameserver, then forget this warning.

    If you are probing a remote nameserver, then it allows anyone to
    use it to resolve third parties names (such as www.nessus.org).
    This allows hackers to do cache poisoning attacks against this
    nameserver.

    Solution : Restrict recursive queries to the hosts that should
    use this nameserver (such as those of the LAN connected to it).
    If you are using bind 8, you can do this by using the instruction
    'allow-recursion' in the 'options' section of your named.conf

    If you are using another name server, consult its documentation.

    Risk factor : Serious

 . Information found on port domain (53/tcp)

    The remote bind version is : 8.3.3-REL-NOESW

 . Vulnerability found on port www (80/tcp) :

    It was possible to perform a denial of service against the remote
    HTTP server by sending it a long /cgi-bin relative URL.

    This problem allows a cracker to prevent your Lotus Domino web
    server from handling requests.

    Solution : contact your vendor for a patch, or change your
    server. Consider changing cgi-bin mapping by something impossible
    to guess in server document of primary Notes NAB.

    Risk factor : Serious
    CVE : CVE-2000-0023

 . Warning found on port www (80/tcp)

    The /doc directory is browsable.
    /doc shows the content of the /usr/doc directory and therefore it
    shows which programs and - important! - the version of the
    installed programs.

    Solution : Use access restrictions for the /doc directory.
    If you use Apache you might use this in your access.conf:

      AllowOverride None
      order deny,allow
      deny from all
      allow from localhost

    Risk factor : High
    CVE : CVE-1999-0678

 . Information found on port www (80/tcp)

    The remote web server type is :

    Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2

    We recommend that you configure your web server to return bogus
    versions, so that it makes the cracker job more difficult

 . Information found on port pop3 (110/tcp)

    The remote POP server banner is :
    +OK POP3 www v2001.78 server ready

 . Information found on port general/udp

    For your information, here is the traceroute to 217.79.68.5 :
    213.226.10.65 213.226.3.241 213.226.3.94 194.12.255.9 194.12.224.2 194.12.255.158 212.39.66.149 212.39.64.49 212.39.70.154 217.79.79.1 217.79.79.11 217.79.79.30 217.79.79.58 217.79.68.13 217.79.68.9 217.79.68.5

 . Warning found on port general/tcp

    Microsoft Windows 95 and 98 clients have the ability to bind
    multiple TCP/IP stacks on the same MAC address, simply by having
    the protocol addded more than once in the Network Control panel.

    The remote host has several TCP/IP stacks with the same IP binded
    on the same MAC adress. As a result, it will reply several times
    to the same packets, such as by sending multiple ACK to a single
    SYN, creating noise on your network. If several hosts behave the
    same way, then your network will be brought down.

    Solution : remove all the IP stacks except one in the remote host
    Risk factor : Medium

 . Warning found on port general/icmp

    The remote host answers to an ICMP timestamp request. This allows
    an attacker to know the date which is set on your machine.

    This may help him to defeat all your time based authentifications
    protocols.

    Solution : filter out the icmp timestamp requests (13), and the
    outgoing icmp timestamp replies (14).

    Risk factor : Low
    CVE : CAN-1999-0524

------------------------------------------------------
This file was generated by the Nessus Security Scanner