Nessus Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which were alive and responding during test: 1
Number of security holes found: 2
Number of security warnings found: 1


Host List
Host(s) Possible Issue
192.168.1.7 Security hole(s) found


Analysis of Host
Address of Host Port/Service Issue regarding Port
192.168.1.7 general/icmp Security notes found
192.168.1.7 unknown (5353/udp) Security notes found
192.168.1.7 general/tcp Security hole found
192.168.1.7 general/udp Security notes found


Security Issues and Fixes: 192.168.1.7
Type Port Issue and Fix
Informational general/icmp
Here is the route recorded between 192.168.1.10 and 192.168.1.7 :
192.168.1.7.

Nessus ID : 12264
Informational unknown (5353/udp)
The remote host is running the RendezVous (also known as ZeroConf or mDNS)
protocol.

This protocol allows anyone to dig information from the remote host, such
as its operating system type and exact version, its hostname, and the list
of services it is running.

We could extract the following information :

Computer name : Matthew-Veas-Computer
Ethernet addr : 00:0d:93:c0:f2:ac
Computer Type : PowerBook6,4
Operating System : Mac OS X 10.3.3

Solution : You should filter incoming traffic to this port if you do not use
this protocol.

Risk Factor : Low
Nessus ID : 12218
Vulnerability general/tcp
The remote host is running a version of Mac OS X 10.3 which is older
than version 10.3.4.

Apple's newest security updates require Mac OS X 10.3.4 to be applied
properly. The remote host should be upgraded to this version as soon
as possible.
Nessus ID : 12521
Vulnerability general/tcp
The remote host is running a version of MacOS which is older than 10.3.4.

Versions older than 10.3.4 contain several flaws which may allow an attacker
to execute arbitrary commands on the remote system with root privileges.

Solution : Upgrade to MacOS X 10.3.4
Risk Factor : High
BID : 10271, 10432
Nessus ID : 12257
Warning general/tcp
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.

An attacker may use this feature to determine traffic patterns
within your network. A few examples (not at all exhaustive) are:

1. A remote attacker can determine if the remote host sent a packet
in reply to another request. Specifically, an attacker can use your
server as an unwilling participant in a blind portscan of another
network.

2. A remote attacker can roughly determine server requests at certain
times of the day. For instance, if the server is sending much more
traffic after business hours, the server may be a reverse proxy or
other remote access device. An attacker can use this information to
concentrate his/her efforts on the more critical machines.

3. A remote attacker can roughly estimate the number of requests that
a web server processes over a period of time.


Solution : Contact your vendor for a patch
Risk factor : Low
Nessus ID : 10201
Informational general/tcp
The remote host is running Mac OS X 10.3.3
Nessus ID : 11936
Informational general/udp
For your information, here is the traceroute to 192.168.1.7 :
192.168.1.10
?
192.168.1.7

Nessus ID : 10287

This file was generated by Nessus, the open-sourced security scanner.