Raport o wynikach testu Informacje o firmie Nazwa i adres: DAGMA Sp. z o.o., Pszczyńska 15, 40-012 Katowice, PL Informacje o teście Test przeprowadzono: 01.03.2012 09:52:04 01.03.2012 09:58:18 Testowane urządzenie: Windows Grzesia [83.17.131.118] Grupy urządzeń: -- Parametry testu: 1. Kompleksowy test manualny Testowane z IP: 77.78.102.243 Podsumowanie Zagrożenia: liczba: 19, najwyższe: 1, średnia: 1,00 Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 1/11
Szczegółowe wyniki Zagrożenia stopnia 1 - niski (19x) Ping the remote host general/tcp It was possible to identify the status of the remote host (alive or dead) This plugin attempts to determine if the remote host is alive using one or more ping types : - An ARP ping, provided the host is on the local subnet and Nessus is running over ethernet. - An ICMP ping. - A TCP ping, in which the plugin sends to the remote host a packet with the flag SYN, and the host will reply with a RST or a SYN/ACK. - A UDP ping (DNS, RPC, NTP, etc). The remote host is up The remote host replied to an ICMP echo packet ICMP Timestamp Request Remote Date Disclosure general/icmp It is possible to determine the exact time set on the remote host. The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine. This may help an attacker to defeat all time-based authentication protocols. Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). The ICMP timestamps seem to be in little endian format (not in network format) The difference between the local and remote clocks is -185 seconds. Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 2/11
CVE: CVE-1999-0524 Other references: OSVDB:94, CWE:200 Device Type general/tcp It is possible to guess the remote device type. Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc). Remote device type : general-purpose Confidence level : 70 OS Identification general/tcp It is possible to guess the remote operating system. Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system in use, and sometimes its version. Remote operating system : Microsoft Windows 2003 Microsoft Windows Vista Microsoft Windows 2008 Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 3/11
Microsoft Windows 7 Microsoft Windows 2008 R2 Confidence Level : 70 Method : HTTP The remote host is running one of these operating systems : Microsoft Windows 2003 Microsoft Windows Vista Microsoft Windows 2008 Microsoft Windows 7 Microsoft Windows 2008 R2 TCP/IP Timestamps Supported general/tcp The remote service implements TCP timestamps. The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed. See also: http://www.ietf.org/rfc/rfc1323.txt Host Fully Qualified Domain Name (FQDN) Resolution general/tcp It was possible to resolve the name of the remote host. Nessus was able to resolve the FQDN of the remote host. Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 4/11
83.17.131.118 resolves as aox118.internetdsl.tpnet.pl. Common Platform Enumeration (CPE) general/tcp It is possible to enumerate CPE names that matched on the remote system. By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan. See also: http://cpe.mitre.org/ The remote operating system matched the following CPE's : cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_7 Following application CPE matched on the remote system : cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5 Traceroute Information general/udp It was possible to obtain traceroute information. Makes a traceroute to the remote host. Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 5/11
For your information, here is the traceroute from 77.78.102.243 to 83.17.131.118 : 77.78.102.243 77.78.102.254 217.11.224.254 81.0.192.35 213.248.104.89 213.155.131.66 213.155.131.210 80.91.249.201 213.248.89.94 194.204.175.114 80.49.0.62 83.17.131.113 83.17.131.118 Service Detection www (80/tcp) The remote service could be identified. It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. A web server is running on this port. Web Server Unconfigured - Default Install Page Present www (80/tcp) The remote web server is not configured or is not properly configured. The remote web server uses its default welcome page. It probably means that this server is not used at all or is serving content that is meant to be hidden. Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 6/11
Disable this service if you do not use it. The default welcome page is from IIS. Other references: OSVDB:2117 HTTP Server Type and Version www (80/tcp) A web server is running on the remote host. This plugin attempts to determine the type and the version of the remote web server. The remote web server type is : Microsoft-IIS/7.5 HTTP Methods Allowed (per directory) www (80/tcp) This plugin determines which HTTP methods are allowed on various CGI directories. By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 7/11
Based on the response to an OPTIONS request : - HTTP methods GET HEAD POST TRACE OPTIONS are allowed on : / Service Detection vmware_auth (912/tcp) The remote service could be identified. It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. A VMware authentication daemon is running on this port. HyperText Transfer Protocol (HTTP) Information www (80/tcp) Some information about the remote HTTP configuration can be extracted. This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 8/11
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers : Content-Type: text/html Last-Modified: Fri, 08 Jul 2011 10:27:25 GMT Accept-Ranges: bytes ETag: "63eb6fa1593dcc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Thu, 01 Mar 2012 08:57:21 GMT Content-Length: 689 Service Detection www (5357/tcp) The remote service could be identified. It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. A web server is running on this port. VMware ESX/GSX Server detection vmware_auth (912/tcp) The remote host appears to be running VMware Server, ESX Server, or GSX Server. According to its banner, the remote host appears to be running a VMware server authentication daemon, which likely indicates the remote host is running VMware Server, ESX Server, or GSX Server. Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 9/11
See also: http://www.vmware.com/ VNC Server Security Type Detection vnc (5900/tcp) A VNC server is running on the remote host. This script checks the remote VNC server protocol version and the available 'security types'. The remote VNC server chose security type #6 (RA2ne) VNC Software Detection vnc (5900/tcp) The remote host is running a remote display software (VNC). The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another. See also: http://en.wikipedia.org/wiki/vnc Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 10/11
port. The highest RFB protocol version supported by the server is : 3.6 Service Detection vnc (5900/tcp) The remote service could be identified. It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. A vnc server is running on this port. Otwarte porty (11x) Lista otwartych portów unknown (49158/tcp) unknown (49153/tcp) unknown (49154/tcp) unknown (49155/tcp) unknown (49157/tcp) ms-wbt-server? (3389/tcp) www (5357/tcp) vnc (5900/tcp) unknown (49152/tcp) www (80/tcp) vmware_auth (912/tcp) Usługa EVA świadczona jest przez oddział firmy ESET - 2009 ESET Services Strona: 11/11