Security Issues and Fixes: 192.168.1.12 |
Type |
Port |
Issue and Fix |
Warning |
general/tcp |
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
Nessus ID : 11618 |
Warning |
general/tcp |
The remote host might be vulnerable to a sequence number approximation
bug, which may allow an attacker to send spoofed RST packets to the remote
host and close established connections.
This may cause problems for some dedicated services (BGP, a VPN over
TCP, etc...).
Solution : See http://www.securityfocus.com/bid/10183/solution/
Risk factor : Medium
CVE : CAN-2004-0230
BID : 10183
Other references : OSVDB:4030, IAVA:2004-A-0007
Nessus ID : 12213 |
Warning |
general/tcp |
The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.
Solution : drop source routed packets on this host or on other ingress
routers or firewalls.
Risk factor : Low
Nessus ID : 11834 |
Warning |
general/tcp |
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine traffic patterns
within your network. A few examples (not at all exhaustive) are:
1. A remote attacker can determine if the remote host sent a packet
in reply to another request. Specifically, an attacker can use your
server as an unwilling participant in a blind portscan of another
network.
2. A remote attacker can roughly determine server requests at certain
times of the day. For instance, if the server is sending much more
traffic after business hours, the server may be a reverse proxy or
other remote access device. An attacker can use this information to
concentrate his/her efforts on the more critical machines.
3. A remote attacker can roughly estimate the number of requests that
a web server processes over a period of time.
Solution : Contact your vendor for a patch
Risk factor : Low
Nessus ID : 10201 |
Informational |
general/tcp |
The remote host is up
Nessus ID : 10180 |
Informational |
general/tcp |
Nmap found that this host is running NetBSD 1.3I through 1.6
Nessus ID : 10336 |
Informational |
general/tcp |
HTTP NIDS evasion functions are enabled.
You may get some false negative results
Nessus ID : 10890 |
Informational |
general/tcp |
Nessus was not able to reliably identify the remote operating system. It might be:
OpenBSD 3.5
The fingerprint differs from these known signatures on 2 points.
If you know what operating system this host is running, please send this signature to
os-signatures@nessus.org :
:1:1:0:255:1:255:1:0:255:1:0:255:1:8:255:0:1:1:1:1:1:1:0:1:64:16384:MNWNNT:0:1:1
Nessus ID : 11936 |
Warning |
echo (7/tcp) |
The remote host has a bug in its 'inetd' server. 'inetd' is the
'internet super-server' and is in charge of managing multiple sub-servers
(like telnet, ftp, chargen, and more).
There is a bug in the inetd server that comes with RedHat 6.2, which allows
an attacker to prevent it from working completely by forcing it to consume
system resources.
Solution : Upgrade to inetd-0.16-7
Risk factor : Medium
CVE : CVE-2001-0309
BID : 2395
Nessus ID : 11006 |
Warning |
discard (9/tcp) |
The remote host is running a 'discard' service. This service
typically sets up a listening socket and will ignore all the
data which it receives.
This service is unused these days, so it is advised that you
disable it.
Solution :
- Under Unix systems, comment out the 'discard' line in /etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDiscard
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk factor : Low
CVE : CAN-1999-0636
Nessus ID : 11367 |
Informational |
chargen (19/tcp) |
An unknown service is running on this port.
It is usually reserved for Chargen
Nessus ID : 10330 |
Vulnerability |
ftp (21/tcp) |
It was possible to disable the remote FTP server
by connecting to it about 3000 times, with
one connection at a time.
If the remote server is running from within [x]inetd, this
is a feature and the FTP server should automatically be back
in a couple of minutes.
An attacker may use this flaw to prevent this
service from working properly.
Solution : If the remote server is GoodTech ftpd server,
download the newest version from http://www.goodtechsys.com.
BID : 2270
Risk factor : High
CVE : CAN-2001-0188
BID : 2270
Nessus ID : 10690 |
Informational |
ftp (21/tcp) |
The service closed the connection after 0 seconds without sending any data
It might be protected by some TCP wrapper
Nessus ID : 10330 |
Informational |
telnet (23/tcp) |
An unknown service is running on this port.
It is usually reserved for Telnet
Nessus ID : 10330 |
Informational |
time (37/tcp) |
An unknown service is running on this port.
It is usually reserved for Time
Nessus ID : 10330 |
Informational |
finger (79/tcp) |
An unknown service is running on this port.
It is usually reserved for Finger
Nessus ID : 10330 |
Informational |
finger (79/tcp) |
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
CDK
Firehotcker
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157 |
Informational |
auth (113/tcp) |
An unknown service is running on this port.
It is usually reserved for AUTH
Nessus ID : 10330 |
Informational |
auth (113/tcp) |
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
Invisible Identd Deamon
Kazimas
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157 |
Informational |
nntp (119/tcp) |
An unknown service is running on this port.
It is usually reserved for NNTP
Nessus ID : 10330 |
Informational |
nntp (119/tcp) |
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
Happy99
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157 |
Informational |
shell (514/tcp) |
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
RPC Backdoor
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157 |
Informational |
general/udp |
For your information, here is the traceroute to 192.168.1.12 :
192.168.1.3
192.168.1.12
Nessus ID : 10287 |
Informational |
general/icmp |
Here is the route recorded between 192.168.1.3 and 192.168.1.12 :
192.168.1.12.
Nessus ID : 12264 |