ESET Threat Detection and Management

Test results report
Company information
Name and address:
DAGMA Sp. z o.o., Pszczyńska 15, 40-012 Katowice, PL
Test information
Test performed:
01.03.2012 09:52:04 – 01.03.2012 09:58:18
Tested device:
Windows Grzesia [83.17.131.118]
Device groups:
-
Test parameters:
1. Comprehensive test – manual
Tested from IP:
77.78.102.243
Summary
Threats:
count: 19, highest: 1, average: 1.00
The EVA service is provided by a branch of ESET - 2009 ESET Services
Detailed results
Level 1 threats - low (19x)
Ping the remote host – general/tcp
Synopsis:
It was possible to identify the status of the remote host (alive or dead)
Description:
This plugin attempts to determine if the remote host is alive using one or more ping types : - An ARP ping, provided the host
is on the local subnet and Nessus is running over ethernet. - An ICMP ping. - A TCP ping, in which the plugin sends to the
remote host a packet with the flag SYN, and the host will reply with a RST or a SYN/ACK. - A UDP ping (DNS, RPC, NTP, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
The remote host is up
The remote host replied to an ICMP echo packet
ICMP Timestamp Request Remote Date Disclosure – general/icmp
Synopsis:
It is possible to determine the exact time set on the remote host.
Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted
machine. This may help an attacker to defeat all time-based authentication protocols.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Plugin output:
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -185 seconds.
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Device Type – general/tcp
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router,
general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose
Confidence level : 70
OS Identification – general/tcp
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote
operating system in use, and sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Microsoft Windows 2003
Microsoft Windows Vista
Microsoft Windows 2008
Microsoft Windows 7
Microsoft Windows 2008 R2
Confidence Level : 70
Method : HTTP
The remote host is running one of these operating systems :
Microsoft Windows 2003
Microsoft Windows Vista
Microsoft Windows 2008
Microsoft Windows 7
Microsoft Windows 2008 R2
TCP/IP Timestamps Supported – general/tcp
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the
remote host can sometimes be computed.
Risk factor:
None
See also:
● http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Host Fully Qualified Domain Name (FQDN) Resolution – general/tcp
Synopsis:
It was possible to resolve the name of the remote host.
Description:
Nessus was able to resolve the FQDN of the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
83.17.131.118 resolves as aox118.internetdsl.tpnet.pl.
Common Platform Enumeration (CPE) – general/tcp
Synopsis:
It is possible to enumerate CPE names that matched on the remote system.
Description:
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for
various hardware and software products found on a host. Note that if an official CPE is not available for the product, this
plugin computes the best possible CPE based on the information available from the scan.
Risk factor:
None
See also:
● http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following CPE's :
cpe:/o:microsoft:windows
cpe:/o:microsoft:windows_vista
cpe:/o:microsoft:windows_7
Following application CPE matched on the remote system :
cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5
Traceroute Information – general/udp
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from 77.78.102.243 to 83.17.131.118 :
Service Detection – www (80/tcp)
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an
HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Web Server Unconfigured - Default Install Page Present – www (80/tcp)
Synopsis:
The remote web server is not configured or is not properly configured.
Description:
The remote web server uses its default welcome page. It probably means that this server is not used at all or is serving
content that is meant to be hidden.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
The default welcome page is from IIS.
Other references:
OSVDB:2117
HTTP Server Type and Version – www (80/tcp)
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is :
Microsoft-IIS/7.5
HTTP Methods Allowed (per directory) – www (80/tcp)
Synopsis:
This plugin determines which HTTP methods are allowed on various CGI directories.
Description:
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list
may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in
the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a
response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate
the presence of any security vulnerabilities.
Risk factor:
None
Solution:
n/a
Plugin output:
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
Service Detection – vmware_auth (912/tcp)
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an
HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A VMware authentication daemon is running on this port.
HyperText Transfer Protocol (HTTP) Information – www (80/tcp)
Synopsis:
Some information about the remote HTTP configuration can be extracted.
Description:
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP
pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :
Content-Type: text/html
Last-Modified: Fri, 08 Jul 2011 10:27:25 GMT
Accept-Ranges: bytes
ETag: "63eb6fa1593dcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 01 Mar 2012 08:57:21 GMT
Content-Length: 689
Service Detection – www (5357/tcp)
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an
HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
VMware ESX/GSX Server detection – vmware_auth (912/tcp)
Synopsis:
The remote host appears to be running VMware Server, ESX Server, or GSX Server.
Description:
According to its banner, the remote host appears to be running a VMware server authentication daemon, which likely
indicates the remote host is running VMware Server, ESX Server, or GSX Server.
Risk factor:
None
See also:
● http://www.vmware.com/
Solution:
n/a
VNC Server Security Type Detection – vnc (5900/tcp)
Synopsis:
A VNC server is running on the remote host.
Description:
This script checks the remote VNC server protocol version and the available 'security types'.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote VNC server chose security type #6 (RA2ne)
VNC Software Detection – vnc (5900/tcp)
Synopsis:
The remote host is running a remote display software (VNC).
Description:
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide
remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
Risk factor:
None
See also:
● http://en.wikipedia.org/wiki/Vnc
Solution:
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this
port.
Plugin output:
The highest RFB protocol version supported by the server is :
3.6
Service Detection – vnc (5900/tcp)
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an
HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A vnc server is running on this port.
Open ports (11x)
List of open ports
● unknown (49158/tcp)
● unknown (49153/tcp)
● unknown (49154/tcp)
● unknown (49155/tcp)
● unknown (49157/tcp)
● ms-wbt-server? (3389/tcp)
● www (5357/tcp)
● vnc (5900/tcp)
● unknown (49152/tcp)
● www (80/tcp)
● vmware_auth (912/tcp)