List of open ports :
Warning found on port echo (7/tcp)
The 'echo' port is open. This port is
not of any use nowadays, and may be a source of problems,
since it can be used along with other ports to perform a denial
of service. You should really disable this service.
Risk factor : Low.
Solution : comment out 'echo' in /etc/inetd.conf
CVE : CVE-1999-0103
Warning found on port daytime (13/tcp)
The daytime service is running.
The date format issued by this service
may sometimes help an attacker to guess
the operating system type.
In addition to that, when the UDP version of
daytime is running, an attacker may link it
to the echo port using spoofing, thus creating
a possible denial of service.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Warning found on port chargen (19/tcp)
The chargen service is running.
The 'chargen' service should only be enabled when testing the machine.
When contacted, chargen responds with some random characters (something like all
the characters in the alphabet in a row). When contacted via UDP, it
will respond with a single UDP packet. When contacted via TCP, it will
continue spewing characters until the client closes the connection.
An easy attack is 'pingpong' which IP spoofs a packet between two machines
running chargen. They will commence spewing characters at each other, slowing
the machines down and saturating the network.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Warning found on port ftp (21/tcp)
The FTP service allows anonymous logins. If you do not
want to share data with anyone you do not know, then you should deactivate
the anonymous account, since it can only cause trouble.
Under most Unix systems, doing :
echo ftp >> /etc/ftpusers
will correct this.
Risk factor : Low
CVE : CAN-1999-0497
Information found on port ftp (21/tcp)
Remote FTP server banner :
ryu.dyn.to ftp server ready.
Information found on port ssh (22/tcp)
Remote SSH version : ssh-1.5-openssh-1.2.3
Warning found on port smtp (25/tcp)
The remote SMTP server
answers to the EXPN and/or VRFY commands.
The EXPN command can be used to find
the delivery address of mail aliases, or
even the full name of the recipients, and
the VRFY command may be used to check the
validity of an account.
Your mailer should not allow remote users to
use any of these commands, because it gives
them too much information.
Solution : if you are using sendmail, add the
option
O PrivacyOptions=goaway
in /etc/sendmail.cf.
Risk factor : Low
CVE : CAN-1999-0531
Information found on port smtp (25/tcp)
Remote SMTP server banner :
mail.ryu.dyn.to ESMTP Sendmail 8.9.3+3.2W/3.7W-MailExchanger
Sun, 17 Dec 2000 23:25:26 +0900
214-This is Sendmail version 8.9.3+3.2W
214-Topics:
214- HELO EHLO MAIL RCPT DATA
214- RSET NOOP QUIT HELP VRFY
214- EXPN VERB ETRN DSN
214-For more info use "HELP <topic>".
214-To report bugs in the implementation send email to
214- sendmail-bugs@sendmail.org.
214-This sendmail includes "WIDE-Internet patch package" which provides
214-some useful improvements.
214-To report bugs/questions about this patch send email to
214- motonori@wide.ad.jp
214-For local information send email to Postmaster at your site.
214 End of HELP info
Warning found on port domain (53/tcp)
The remote name server allows recursive queries to be performed
by the host running nessusd.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third-party names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using another name server, consult its documentation.
Risk factor : Serious
Information found on port domain (53/tcp)
The remote bind version is : 8.2.2-P7
Vulnerability found on port http (80/tcp)
Information found on port http (80/tcp)
The remote web server type is :
Apache/1.3.14 (TurboLinux)
We recommend that you configure your web server to return
bogus versions, so that it makes the cracker's job more difficult
Information found on port pop-3 (110/tcp)
The remote POP server banner is :
+OK POP3 ryu.dyn.to v7.64 server ready
Warning found on port unknown (3001/tcp)
Nessus Daemon open on port TCP:3001, NessusD version: NTP/1.2
Vulnerability found on port unknown (3128/tcp)
Warning found on port unknown (3128/tcp)
a web server is running on this port
Warning found on port unknown (3128/tcp)
an HTTP proxy is running on this port
Warning found on port unknown (3128/tcp)
The misconfigured proxy accepts requests coming
from anywhere. This allows attackers to gain some anonymity when browsing
some sensitive sites using your proxy, making the remote sites think that
the requests come from your network.
Solution: Reconfigure the remote proxy so that it only accepts requests coming
from inside your network.
Risk factor : Low/Medium
Warning found on port unknown (3128/tcp)
The Sambar webserver is running. It provides a web interface for sending emails.
You may simply pass a POST request to /session/sendmail and by this send mails to anyone you want.
Due to the fact that Sambar does not check HTTP referers, you do not need direct access to the server!
See http://www.toppoint.de/~hscholz/sambar for more information.
Solution : Try to disable this module. There might be a patch in the future.
Risk factor : High
Information found on port unknown (3128/tcp)
The remote web server type is :
Squid/2.3.STABLE2
We recommend that you configure your web server to return
bogus versions, so that it makes the cracker's job more difficult
Vulnerability found on port unknown (6000/tcp)
Information found on port general/tcp
Nmap found that this host is running Linux 2.1.122 - 2.2.14
Information found on port general/udp
For your information, here is the traceroute to 192.168.0.100 :
192.168.0.100
Warning found on port echo (7/udp)
The 'echo' port is open. This port is
not of any use nowadays, and may be a source of problems,
since it can be used along with other ports to perform a denial
of service. You should really disable this service.
Risk factor : Low.
Solution : comment out 'echo' in /etc/inetd.conf
CVE : CVE-1999-0103
Warning found on port daytime (13/udp)
The daytime service is running.
The date format issued by this service
may sometimes help an attacker to guess
the operating system type.
In addition to that, when the UDP version of
daytime is running, an attacker may link it
to the echo port using spoofing, thus creating
a possible denial of service.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Warning found on port chargen (19/udp)
The chargen service is running.
The 'chargen' service should only be enabled when testing the machine.
When contacted, chargen responds with some random characters (something like all
the characters in the alphabet in a row). When contacted via UDP, it
will respond with a single UDP packet. When contacted via TCP, it will
continue spewing characters until the client closes the connection.
An easy attack is 'pingpong' which IP spoofs a packet between two machines
running chargen. They will commence spewing characters at each other, slowing
the machines down and saturating the network.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103