Cover V11, I05

Article
Figure 1

may2002.tar

Figure 1 Nessus report 

SUMMARY

 - Number of hosts which were alive during the test : 1
 - Number of security holes found : 0
 - Number of security warnings found : 3
 - Number of security notes found : 5

TESTED HOSTS

 192.168.1.1 (Security warnings found)

DETAILS

+ 192.168.1.1 :
 - List of open ports :
   o ssh (22/tcp) (Security notes found)
   o domain (53/tcp) (Security warnings found)
   o http (80/tcp) (Security notes found)
   o unknown (3306/tcp)
   o unknown (3469/tcp)
   o x11 (6000/tcp) (Security warnings found)
   o general/udp (Security notes found)
   o general/tcp (Security notes found)

 - Information found on port ssh (22/tcp)

    Remote SSH version : ssh-1.99-openssh_2.9 freebsd localisations
     20010713

 - Warning found on port domain (53/tcp)
    
    The remote name server allows DNS zone transfers to be performed.
    This information is of great use to a cracker who may use it
    to gain information about the topology of your network and spot 
    new targets.
    
    Solution: Restrict DNS zone transfers to only the servers that 
    absolutely need it.
    
    Risk factor :
     Medium


 - Warning found on port domain (53/tcp)
    
    The remote name server allows recursive queries to be performed
    by the host running nessusd.
    
    If this is your internal nameserver, then forget this warning.
    
    If you are probing a remote nameserver, then it allows anyone
    to use it to resolve third parties names (such as www.nessus.org).
    This allows hackers to do cache poisoning attacks against this 
    nameserver.
    
    
    Solution : Restrict recursive queries to the hosts that should
    use this nameserver (such as those of the LAN connected to it).
    If you are using bind 8, you can do this by using the instruction
    'allow-recursion' in the 'options' section of your named.conf
    
    If you are using another name server, consult its documentation.
    
    Risk factor :
     Serious


 - Information found on port domain (53/tcp)

    The remote bind version is :
     8.2.4-REL


 - Information found on port http (80/tcp)

    The remote web server type is :
    
    Apache/1.3.20 (Unix) PHP/4.0.6
    
    We recommend that you configure your web server to return
    bogus versions, so that it makes the cracker job more difficult


 - Warning found on port x11 (6000/tcp)

    This X server does *not* accept clients to connect to it
    however it is recommended that you filter incoming connections
    to this port as cracker may send garbage data and slow down
    your X session or even kill the server
    Here is the message we received : 
    
         Client is not authorized to connect to Server
    
    Solution : filter incoming connections to ports 6000-6009
    Risk factor : Low
    CVE : CVE-1999-0526


 - Information found on port general/udp

    For your information, here is the traceroute to 192.168.1.1 : 
    192.168.1.1


 - Information found on port general/tcp

    QueSO has found out that the remote host OS is 
    * NetBSD 1.3.x, FreeBSD 3.x  

    CVE : CAN-1999-0454

------------------------------------------------------
This file was generated by the Nessus Security Scanner
 
© 2002 CMP Media LLC. All Rights Reserved.
www.sysadminmag.com