List of the tested hosts :

• addled (Security warnings found)

List of open ports :

• ssh (22/tcp) (Security notes found)
• domain (53/tcp) (Security warnings found)
• http (80/tcp) (Security warnings found)
• sunrpc (111/tcp)
• netbios-ssn (139/tcp) (Security warnings found)
• osu-nms (192/tcp) (Security warnings found)
• https (443/tcp) (Security warnings found)
• unknown (953/tcp)
• unknown (1241/tcp)
• nfsd (2049/tcp) (Security warnings found)
• unknown (3001/tcp) (Security warnings found)
• unknown (3306/tcp)
• general/tcp (Security notes found)
• netbios-ns (137/udp) (Security warnings found)
• general/udp (Security notes found)
• nfsd (2049/udp) (Security warnings found)

Information found on port ssh (22/tcp)

Remote SSH version : ssh-2.0-openssh_3.0.2

Warning found on port domain (53/tcp)

The remote name server allows recursive queries to be performed
by the host running nessusd.

If this is your internal nameserver, then forget this warning.

If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.


Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf

If you are using another name server, consult its documentation.

Risk factor : Serious

Information found on port domain (53/tcp)

The remote bind version is : 9.1.3

Warning found on port http (80/tcp)

Requesting the URI /server-status gives information about
the currently running Apache.

Risk factor : Low.
Solution :
If you don't use this feature, comment the appropriate section in
your httpd.conf file. If you really need it, limit its access to
the administrator's machine.

Information found on port http (80/tcp)

The remote web server type is :
Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6a mod_perl/1.26


We recommend that you configure your web server to return
bogus versions, so that it makes the cracker job more difficult

Warning found on port netbios-ssn (139/tcp)

A 'rfpoison' packet has been sent to the remote host.
This packet is supposed to crash the 'services.exe' process,
rendering the system instable.
If you see that this attack was successful, have a look
at this page :
http://www.wiretrip.net/rfp/p/doc.asp?id=23&iface=2
CVE : CVE-1999-0721

Warning found on port osu-nms (192/tcp)

a web server is running on this port

Warning found on port osu-nms (192/tcp)

Requesting the URI /server-status gives information about
the currently running Apache.

Risk factor : Low.
Solution :
If you don't use this feature, comment the appropriate section in
your httpd.conf file. If you really need it, limit its access to
the administrator's machine.

Information found on port osu-nms (192/tcp)

The remote web server type is :
Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6a mod_perl/1.26


We recommend that you configure your web server to return
bogus versions, so that it makes the cracker job more difficult

Warning found on port https (443/tcp)

a web server is running on this port

Warning found on port https (443/tcp)

The Sambar webserver is running. It provides a webinterface for sending emails.
You may simply pass a POST request to /session/sendmail and by this send mails to anyone you want.
Due to the fact that Sambar does not check HTTP referers you do not need direct access to the server!

See http://www.toppoint.de/~hscholz/sambar for more information.

Solution : Try to disable this module. There might be a patch in the future.

Risk factor : High

Information found on port https (443/tcp)

The remote web server type is :
Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6a mod_perl/1.26


We recommend that you configure your web server to return
bogus versions, so that it makes the cracker job more difficult

Warning found on port nfsd (2049/tcp)

Here is the export list of addled :
/usr/local/samba 10.0.0.2,
/var/log 10.0.0.2,

CVE : CVE-1999-0554

Warning found on port unknown (3001/tcp)

Nessus Daemon open on port TCP:3001, NessusD version: NTP/1.2

Information found on port general/tcp

Nmap found that this host is running FreeBSD 4.4 or MacOS X 10.0.4 (Darwin V. 1.3-1.3.7 or 4P13)

Warning found on port netbios-ns (137/udp)

. The following 7 NetBIOS names have been gathered :
ADDLED = This is the computer name registered for workstation services by a WINS client.
ADDLED = Computer name that is registered for the messenger service on a computer that is a WINS client.
ADDLED
__MSBROWSE__
SLACK = Workgroup / Domain name
SLACK
SLACK = Workgroup / Domain name (part of the Browser elections)

. This SMB server seems to be a SAMBA server (this is not a security
risk, this is for your information). This can be told because this server
claims to have a null MAC address

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium

Information found on port general/udp

For your information, here is the traceroute to 10.0.0.1 :
10.0.0.1

Warning found on port nfsd (2049/udp)

The nfsd RPC service is running.
There is a bug in older versions of
this service that allow an intruder to
execute arbitrary commands on your system.

Make sure that you have the latest version
of nfsd

Risk factor : High
CVE : CAN-1999-0832