ESET Threat Detection and Management
Test results report

Company information
Name and address: DAGMA Sp. z o.o., Pszczyńska 15, 40-012 Katowice, PL

Test information
Test performed: 01.03.2012 09:52:04 – 01.03.2012 09:58:18
Tested device: Windows Grzesia [83.17.131.118]
Device groups: -
Test parameters: 1. Comprehensive test – manual
Tested from IP: 77.78.102.243

Summary
Threats: count: 19, highest: 1, average: 1.00

The EVA service is provided by a division of ESET - 2009 ESET Services Page: 1/11

Detailed results

Threats of level 1 - low (19x)

Ping the remote host – general/tcp
Synopsis: It was possible to identify the status of the remote host (alive or dead)
Description: This plugin attempts to determine if the remote host is alive using one or more ping types :
- An ARP ping, provided the host is on the local subnet and Nessus is running over ethernet.
- An ICMP ping.
- A TCP ping, in which the plugin sends to the remote host a packet with the flag SYN, and the host will reply with a RST or a SYN/ACK.
- A UDP ping (DNS, RPC, NTP, etc).
Risk factor: None
Solution: n/a
Plugin output:
  The remote host is up
  The remote host replied to an ICMP echo packet

ICMP Timestamp Request Remote Date Disclosure – general/icmp
Synopsis: It is possible to determine the exact time set on the remote host.
Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine. This may help an attacker to defeat all time-based authentication protocols.
Risk factor: None
Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Plugin output:
  The ICMP timestamps seem to be in little endian format (not in network format)
  The difference between the local and remote clocks is -185 seconds.
CVE: CVE-1999-0524
Other references: OSVDB:94, CWE:200

Device Type – general/tcp
Synopsis: It is possible to guess the remote device type.
Description: Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Risk factor: None
Solution: n/a
Plugin output:
  Remote device type : general-purpose
  Confidence level : 70

OS Identification – general/tcp
Synopsis: It is possible to guess the remote operating system.
Description: Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system in use, and sometimes its version.
Risk factor: None
Solution: n/a
Plugin output:
  Remote operating system :
    Microsoft Windows 2003
    Microsoft Windows Vista
    Microsoft Windows 2008
    Microsoft Windows 7
    Microsoft Windows 2008 R2
  Confidence Level : 70
  Method : HTTP
  The remote host is running one of these operating systems :
    Microsoft Windows 2003
    Microsoft Windows Vista
    Microsoft Windows 2008
    Microsoft Windows 7
    Microsoft Windows 2008 R2

TCP/IP Timestamps Supported – general/tcp
Synopsis: The remote service implements TCP timestamps.
Description: The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Risk factor: None
See also:
● http://www.ietf.org/rfc/rfc1323.txt
Solution: n/a

Host Fully Qualified Domain Name (FQDN) Resolution – general/tcp
Synopsis: It was possible to resolve the name of the remote host.
Description: Nessus was able to resolve the FQDN of the remote host.
Risk factor: None
Solution: n/a
Plugin output:
  83.17.131.118 resolves as aox118.internetdsl.tpnet.pl.

Common Platform Enumeration (CPE) – general/tcp
Synopsis: It is possible to enumerate CPE names that matched on the remote system.
Description: By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Risk factor: None
See also:
● http://cpe.mitre.org/
Solution: n/a
Plugin output:
  The remote operating system matched the following CPE's :
    cpe:/o:microsoft:windows
    cpe:/o:microsoft:windows_vista
    cpe:/o:microsoft:windows_7
  Following application CPE matched on the remote system :
    cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5

Traceroute Information – general/udp
Synopsis: It was possible to obtain traceroute information.
Description: Makes a traceroute to the remote host.
Risk factor: None
Solution: n/a
Plugin output:
  For your information, here is the traceroute from 77.78.102.243 to 83.17.131.118 :
  77.78.102.243 77.78.102.254 217.11.224.254 81.0.192.35 213.248.104.89 213.155.131.66 213.155.131.210 80.91.249.201 213.248.89.94 194.204.175.114 80.49.0.62 83.17.131.113 83.17.131.118

Service Detection – www (80/tcp)
Synopsis: The remote service could be identified.
Description: It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Risk factor: None
Solution: n/a
Plugin output:
  A web server is running on this port.

Web Server Unconfigured - Default Install Page Present – www (80/tcp)
Synopsis: The remote web server is not configured or is not properly configured.
Description: The remote web server uses its default welcome page. It probably means that this server is not used at all or is serving content that is meant to be hidden.
Risk factor: None
Solution: Disable this service if you do not use it.
Plugin output:
  The default welcome page is from IIS.
Other references: OSVDB:2117

HTTP Server Type and Version – www (80/tcp)
Synopsis: A web server is running on the remote host.
Description: This plugin attempts to determine the type and the version of the remote web server.
Risk factor: None
Solution: n/a
Plugin output:
  The remote web server type is : Microsoft-IIS/7.5

HTTP Methods Allowed (per directory) – www (80/tcp)
Synopsis: This plugin determines which HTTP methods are allowed on various CGI directories.
Description: By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Risk factor: None
Solution: n/a
Plugin output:
  Based on the response to an OPTIONS request :
  - HTTP methods GET HEAD POST TRACE OPTIONS are allowed on : /

Service Detection – vmware_auth (912/tcp)
Synopsis: The remote service could be identified.
Description: It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Risk factor: None
Solution: n/a
Plugin output:
  A VMware authentication daemon is running on this port.

HyperText Transfer Protocol (HTTP) Information – www (80/tcp)
Synopsis: Some information about the remote HTTP configuration can be extracted.
Description: This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Risk factor: None
Solution: n/a
Plugin output:
  Protocol version : HTTP/1.1
  SSL : no
  Keep-Alive : no
  Options allowed : OPTIONS, TRACE, GET, HEAD, POST
  Headers :
    Content-Type: text/html
    Last-Modified: Fri, 08 Jul 2011 10:27:25 GMT
    Accept-Ranges: bytes
    ETag: "63eb6fa1593dcc1:0"
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Thu, 01 Mar 2012 08:57:21 GMT
    Content-Length: 689

Service Detection – www (5357/tcp)
Synopsis: The remote service could be identified.
Description: It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Risk factor: None
Solution: n/a
Plugin output:
  A web server is running on this port.

VMware ESX/GSX Server detection – vmware_auth (912/tcp)
Synopsis: The remote host appears to be running VMware Server, ESX Server, or GSX Server.
Description: According to its banner, the remote host appears to be running a VMware server authentication daemon, which likely indicates the remote host is running VMware Server, ESX Server, or GSX Server.
Risk factor: None
See also:
● http://www.vmware.com/
Solution: n/a

VNC Server Security Type Detection – vnc (5900/tcp)
Synopsis: A VNC server is running on the remote host.
Description: This script checks the remote VNC server protocol version and the available 'security types'.
Risk factor: None
Solution: n/a
Plugin output:
  The remote VNC server chose security type #6 (RA2ne)

VNC Software Detection – vnc (5900/tcp)
Synopsis: The remote host is running a remote display software (VNC).
Description: The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
Risk factor: None
See also:
● http://en.wikipedia.org/wiki/Vnc
Solution: Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Plugin output:
  The highest RFB protocol version supported by the server is : 3.6

Service Detection – vnc (5900/tcp)
Synopsis: The remote service could be identified.
Description: It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Risk factor: None
Solution: n/a
Plugin output:
  A vnc server is running on this port.

Open ports (11x)

List of open ports
● unknown (49158/tcp)
● unknown (49153/tcp)
● unknown (49154/tcp)
● unknown (49155/tcp)
● unknown (49157/tcp)
● ms-wbt-server? (3389/tcp)
● www (5357/tcp)
● vnc (5900/tcp)
● unknown (49152/tcp)
● www (80/tcp)
● vmware_auth (912/tcp)