Return to the 2006 Operating System Vulnerability Summary on OmniNerd
List of hosts
192.168.1.101Low Severity problem(s) found

[^] Back

192.168.1.101


Scan time :
Start time : Tue Mar 6 23:32:53 2007
End time : Tue Mar 6 23:47:47 2007
Number of vulnerabilities :
Open ports : 36
Low : 17
Medium : 0
High : 0
Information about the remote host :

Operating system : (unknown)
NetBIOS name : TESTING
DNS name : (unknown)

[^] Back to 192.168.1.101

Port netbios-ssn (139/tcp)
SMB Detection
An SMB server is running on this port

Nessus ID : 11011

[^] Back to 192.168.1.101

Port netbios-ns (137/tcp)
Using NetBIOS to retrieve information from a Windows host

Synopsis :

It is possible to obtain the network name of the remote host.

Description :

The remote host listens on udp port 137 and replies to NetBIOS nbtscan
requests. By sending a wildcard request it is possible to obtain the
name of the remote system and the name of its domain.

Risk factor :

None

Plugin output :

The following 7 NetBIOS names have been gathered :

TESTING = Computer name
TESTING = Messenger Service
TESTING = File Server Service
__MSBROWSE__ = Master Browser
MYGROUP = Master Browser
MYGROUP = Browser Service Elections
MYGROUP = Workgroup / Domain name

This SMB server seems to be a SAMBA server (MAC address is NULL).
CVE : CVE-1999-0621
Other references : OSVDB:13577

Nessus ID : 10150

[^] Back to 192.168.1.101

Port general/udp
Traceroute
For your information, here is the traceroute from 192.168.1.250 to 192.168.1.101 :
192.168.1.250
192.168.1.101


Nessus ID : 10287

[^] Back to 192.168.1.101

Port ftp (21/tcp)
Services
An FTP server is running on this port.
Here is its banner :
220 (vsFTPd 2.0.5)

Nessus ID : 10330
FTP Server Detection

Synopsis :

An FTP server is listening on this port

Description :

It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.

Risk factor :

None

Plugin output :

The remote FTP banner is :
220 (vsFTPd 2.0.5)

Nessus ID : 10092
Anonymous FTP enabled

Synopsis :

Anonymous logins are allowed on the remote FTP server.

Description :

This FTP service allows anonymous logins. If you do not want to share data
with anyone you do not know, then you should deactivate the anonymous account,
since it can only cause troubles.

Risk factor :

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Plugin output :

The content of the remote FTP root is :
drwxr-xr-x 2 0 0 4096 Aug 28 2006 pub

CVE : CVE-1999-0497

Nessus ID : 10079

[^] Back to 192.168.1.101

Port ssh (22/tcp)
Services
An ssh server is running on this port

Nessus ID : 10330
SSH Server type and version
Remote SSH version : SSH-2.0-OpenSSH_4.3

Remote SSH supported authentication : publickey,gssapi-with-mic,password



Nessus ID : 10267

[^] Back to 192.168.1.101

Port general/icmp
icmp timestamp request

Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)

Plugin output :

The remote clock is synchronized with the local clock.

CVE : CVE-1999-0524

Nessus ID : 10114
Record route
Here is the route recorded between 192.168.1.250 and 192.168.1.101 :
192.168.1.101.
192.168.1.101.


Nessus ID : 12264

[^] Back to 192.168.1.101

Port general/tcp
OS Identification
Nessus was not able to reliably identify the remote operating system. It might be:
IBM OS/400
Linux Kernel 2.4
SCO UnixWare 8.0

Nessus ID : 11936
Information about the scan
Information about this scan :

Nessus version : 3.0.4
Plugin feed version : 200701101815
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.1.250
Port scanner(s) : nessus_tcp_scanner synscan
Port range : default
Thorough tests : yes
Experimental tests : no
Paranoia level : 0
Report Verbosity : 2
Safe checks : no
Max hosts : 40
Max checks : 5
Scan Start Date : 2007/3/6 23:32
Scan duration : 892 sec


Nessus ID : 19506

[^] Back to 192.168.1.101

Port microsoft-ds (445/tcp)
SMB Detection
A CIFS server is running on this port

Nessus ID : 11011
SMB NativeLanMan

Synopsis :

It is possible to obtain information about the remote operating
system.

Description :

It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.

Risk factor :

None

Plugin output :

The remote Operating System is : Unix
The remote native lan manager is : Samba 3.0.23c-2
The remote SMB Domain Name is : TESTING


Nessus ID : 10785
SMB log in

Synopsis :

It is possible to logon on the remote host.

Description :

The remote host is running one of the Microsoft Windows operating
system. It was possible to logon using one of the following
account :

- NULL session
- Guest account
- Given Credentials

See also :

http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP

Risk factor :

none

Plugin output :

- NULL sessions are enabled on the remote host

CVE : CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595
BID : 494, 990, 11199

Nessus ID : 10394
SMB LanMan Pipe Server browse listing

Synopsis :

It is possible to obtain network information.

Description :

It was possible to obtain the browse list of the remote
Windows system by send a request to the LANMAN pipe.
The browse list is the list of the nearest Windows systems
of the remote host.

Risk factor :

None

Plugin output :

Here is the browse list of the remote host :

TESTING ( os: 0.0 )

Other references : OSVDB:300

Nessus ID : 10397

[^] Back to 192.168.1.101

Port http (80/tcp)
Services
A web server is running on this port

Nessus ID : 10330

[^] Back to 192.168.1.101

Port nfs (2049/tcp)