Lab 5

List of hosts

172.16.20.1: Low Severity problem(s) found
172.17.20.1: High Severity problem(s) found
172.18.20.1: High Severity problem(s) found
172.19.20.1: Low Severity problem(s) found
172.20.20.1: High Severity problem(s) found
172.30.0.10: High Severity problem(s) found
172.30.0.66: High Severity problem(s) found

172.16.20.1 Scan Time Start time : Thu Aug 05 11:34:38 2010 End time : Thu Aug 05 11:36:50 2010 Number of vulnerabilities Open ports : 2 High : 0 Medium : 0 Low : 2 Remote host information Operating System : NetBIOS name :

DNS name : Port general (0/icmp) ICMP Timestamp Request Remote Date Disclosure Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set) Plugin ID: 10114 Page 1 of 76 Nessus Scan Report 8/5/2010 mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht CVE: CVE-1999-0524 Other references: OSVDB:94 Nessus Scan Information Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :

nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :

2010/8/5 11:34 Scan duration : 132 sec Plugin ID: 19506

172.17.20.1 Scan Time Start time : Thu Aug 05 11:34:38 2010 End time : Thu Aug 05 11:37:36 2010 Number of vulnerabilities Open ports : 5 High : 1 Medium : 0 Low : 8 Remote host information Operating System : KYOCERA Printer NetBIOS name : DNS name : Port general (0/icmp) ICMP Timestamp Request Remote Date Disclosure Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set) Plugin ID: 10114 CVE: CVE-1999-0524 Other references: OSVDB:94 OS Identification Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints could give a match - please email the following to o [email protected] : NTP:!:UNIX SinFP:

P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:

P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer Plugin ID: 11936 Nessus Scan Information Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :

nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :

2010/8/5 11:34 Scan duration : 178 sec Plugin ID: 19506 Traceroute Information Synopsis: It was possible to obtain traceroute information. Description: Makes a traceroute to the remote host. Risk factor: None Solution: n/a Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.17.20.1 : 172.30.0.67 172.20.20.1 172.20.0.2 172.17.20.1 Plugin ID: 10287 Port ntp (123/udp) Network Time Protocol (NTP) Server Detection Synopsis:

An NTP server is listening on the remote host. Description: An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Risk factor: None Solution: n/a Plugin output: It was possible to gather the following information from the remote NTP host : version='4', processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000, rootdispersion=44898.809, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6, clock=0xD00558E5.B0D6A347, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000, stability=0.000 Plugin ID: 10884 Port telnet (23/tcp) Cisco Device Default Password Synopsis: The remote device has a factory password set.

Description: The remote CISCO router has a default password set. This allows an attacker to get a lot information about the network, and possibly to shut it down if the 'enable' password is not set either or is also a default password. Risk factor: Critical CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C Solution: Access this device and set a password using 'enable secret' Plugin output: Plugin Output : It was possible to log in as 'cisco'/'cisco' Plugin ID: 23938 CVE: CVE-1999-0508 Service Detection A telnet server is running on this port. Plugin ID:

22964 Unencrypted Telnet Server Synopsis: The remote Telnet server transmits traffic in clear text.

Description: The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an unencrypted channel is not recommended as logins, passwords and commands are transferred in cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive information. Use of SSH is prefered nowadays as it protects credentials from eavesdropping and can tunnel additional data streams such as the X11 session.

Risk factor: Low CVSS Base Score: 2.6 CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Solution: Disable this service and use SSH instead. Plugin ID: 42263 Telnet Server Detection Synopsis: A Telnet server is listening on the remote port. Description: The remote host is running a Telnet server, a remote terminal server.

Risk factor: None Solution: Disable this service if you do not use it. Plugin output: Here is the banner from the remote Telnet server : ------------------------------ snip ------------------------------ User Access Verification Username: ------------------------------ snip ------------------------------ Plugin ID: 10281

172.18.20.1 Scan Time Start time : Thu Aug 05 11:34:38 2010 End time : Thu Aug 05 11:37:35 2010 Number of vulnerabilities Open ports : 5 High : 1 Medium : 0 Low : 8 Remote host information Operating System : KYOCERA Printer NetBIOS name : DNS name : Port general (0/icmp) ICMP Timestamp Request Remote Date Disclosure Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set) Plugin ID: 10114 CVE: CVE-1999-0524 Other references: OSVDB:94 OS Identification Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints could give a match - please email the following to o [email protected] : NTP:!:UNIX SinFP:

P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:

P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer Plugin ID: 11936 Nessus Scan Information Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :

nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date : 2010/8/5 11:34 Scan duration : 177 sec Plugin ID:

19506 Traceroute Information Synopsis: It was possible to obtain traceroute information. Description: Makes a traceroute to the remote host. Risk factor: None Solution: n/a Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.18.20.1 : 172.30.0.67 172.20.20.1 172.19.0.1 172.18.20.1 Plugin ID: 10287 Port ntp (123/udp) Network Time Protocol (NTP) Server Detection Synopsis: An NTP server is listening on the remote host.

Description: An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Risk factor: None Solution: n/a Plugin output: It was possible to gather the following information from the remote NTP host : version='4', processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000, rootdispersion=45905.189, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6, clock=0xD00558EA.EFBD9427, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000, stability=0.000 Plugin ID: 10884 Port telnet (23/tcp) Cisco Device Default Password Synopsis:

The remote device has a factory password set. Description: The remote CISCO router has a default password set. This allows an attacker to get a lot information about the network, and possibly to shut it down if the 'enable' password is not set either or is also a default password. Risk factor: Critical CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C Solution: Access this device and set a password using 'enable secret' Plugin output: Plugin Output : It was possible to log in as 'cisco'/'cisco' Plugin ID: 23938 CVE: CVE-1999-0508 Service Detection A telnet server is running on this port. Plugin ID: 22964 Unencrypted Telnet Server Synopsis: The remote Telnet server transmits traffic in clear text.

Description: The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an unencrypted channel is not recommended as logins, passwords and commands are transferred in cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive information. Use of SSH is prefered nowadays as it protects credentials from eavesdropping and can tunnel additional data streams such as the X11 session.

Risk factor: Low CVSS Base Score: 2.6 CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Solution: Disable this service and use SSH instead. Plugin ID: 42263 Telnet Server Detection Synopsis:

A Telnet server is listening on the remote port. Description: The remote host is running a Telnet server, a remote terminal server.

Risk factor: None Solution: Disable this service if you do not use it. Plugin output: Here is the banner from the remote Telnet server : ------------------------------ snip ------------------------------ User Access Verification Username: ------------------------------ snip ------------------------------ Plugin ID: 10281

172.19.20.1 Scan Time Start time : Thu Aug 05 11:34:38 2010 End time : Thu Aug 05 11:37:04 2010 Number of vulnerabilities Open ports : 5 High : 0 Medium : 0 Low : 9 Remote host information Operating System : CISCO IOS 12 CISCO PIX NetBIOS name : DNS name : Port general (0/icmp) ICMP Timestamp Request Remote Date Disclosure Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None Solution:

Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set) Plugin ID: 10114 CVE: CVE-1999-0524 Other references: OSVDB:94 OS Identification Remote operating system : CISCO IOS 12 CISCO PIX Confidence Level : 69 Method : SSH Not all fingerprints could give a match - please email the following to [email protected] : NTP:!:UNIX SinFP: P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:

P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=22R SSH:SSH-2.0-Cisco-1.25 The remote host is running one of these operating systems : CISCO IOS 12 CISCO PIX Plugin ID: 11936 Common Platform Enumeration (CPE) Synopsis: It is possible to enumerate CPE names that matched on the remote system.

Description: By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan. Risk factor: None See also: http://cpe.mitre.org/ Solution: n/a Plugin output: The remote operating system matched the following CPEs : cpe:/o:cisco:ios:12 cpe:/o:cisco:pix_firewall Plugin ID: 45590 Nessus Scan Information Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :

nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date : 2010/8/5 11:34 Scan duration : 146 sec Plugin ID:

19506 Traceroute Information Synopsis: It was possible to obtain traceroute information. Description: Makes a traceroute to the remote host. Risk factor: None Solution: n/a Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.19.20.1 : 172.30.0.67 172.20.20.1 172.19.20.1 Plugin ID: 10287 Port ntp (123/udp) Network Time Protocol (NTP) Server Detection Synopsis: An NTP server is listening on the remote host.

Description: An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Risk factor: None Solution: n/a Plugin output: It was possible to gather the following information from the remote NTP host : version='4', processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000, rootdispersion=45894.944, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6, clock=0xD00558DE.3C2417C4, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000, stability=0.000 Plugin ID: 10884 Port ssh (22/tcp) Service Detection An SSH server is running on this port. Plugin ID: 22964 SSH Server Type and Version Information Synopsis: An SSH server is listening on this port. Description: It is possible to obtain information about the remote SSH server by sending an empty authentication request. Risk factor: None Solution: n/a Plugin output: SSH version : SSH-2.0-Cisco-1.25 SSH supported authentication : keyboard-interactive,password Plugin ID: 10267 SSH Protocol Versions Supported Synopsis: A SSH server is running on the remote host. Description: This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

Risk factor: None Solution: n/a Plugin output: The remote SSH daemon supports the following versions of the SSH protocol : - 1.99 - 2.0 SSHv2 host key fingerprint : 9b:3d:7c:93:84:73:58:72:a8:b4:67:b4:f7:ea:d0:46 Plugin ID: 10881

172.20.20.1 Scan Time Start time : Thu Aug 05 11:34:38 2010 End time : Thu Aug 05 11:37:31 2010 Number of vulnerabilities Open ports : 6 High : 1 Medium : 0 Low : 9 Remote host information Operating System : KYOCERA Printer NetBIOS name : DNS name : Port general (0/icmp) ICMP Timestamp Request Remote Date Disclosure Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set) Plugin ID: 10114 CVE: CVE-1999-0524 Other references: OSVDB:94 OS Identification Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints could give a match - please email the following to o [email protected] : NTP:!:UNIX SinFP:

P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:

P3:B11023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer Plugin ID: 11936 Nessus Scan Information Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :

nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date : 2010/8/5 11:34 Scan duration : 173 sec Plugin ID:

19506 Traceroute Information Synopsis: It was possible to obtain traceroute information. Description: Makes a traceroute to the remote host. Risk factor: None Solution: n/a Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.20.20.1 : 172.30.0.67 172.20.20.1 Plugin ID: 10287 Port ntp (123/udp) Network Time Protocol (NTP) Server Detection Synopsis: An NTP server is listening on the remote host. Description: An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Risk factor: None Solution: n/a Plugin output: It was possible to gather the following information from the remote NTP host : version='4', processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000, rootdispersion=45935.174, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6, clock=0xD0055933.709DBD75, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000, stability=0.000 Plugin ID: 10884 Port telnet (23/tcp) Cisco Device Default Password Synopsis: The remote device has a factory password set. Description: The remote CISCO router has a default password set. This allows an attacker to get a lot information about the network, and possibly to shut it down if the 'enable' password is not set either or is also a default password. Risk factor: Critical CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C Solution: Access this device and set a password using 'enable secret' Plugin output: Plugin Output : It was possible to log in as 'cisco'/'cisco' Plugin ID: 23938 CVE: CVE-1999-0508 Service Detection A telnet server is running on this port. Plugin ID: 22964 Unencrypted Telnet Server Synopsis: The remote Telnet server transmits traffic in clear text.

Description: The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an unencrypted channel is not recommended as logins, passwords and commands are transferred in cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive information. Use of SSH is prefered nowadays as it protects credentials from eavesdropping and can tunnel additional data streams such as the X11 session.

Risk factor: Low CVSS Base Score: 2.6 CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Solution: Disable this service and use SSH instead. Plugin ID: 42263 Telnet Server Detection Synopsis: A Telnet server is listening on the remote port. Description: The remote host is running a Telnet server, a remote terminal server.

Risk factor: None Solution: Disable this service if you do not use it. Plugin output: Here is the banner from the remote Telnet server : ------------------------------ snip ------------------------------ User Access Verification Username: ------------------------------ snip ------------------------------ Plugin ID: 10281 Port tftp (69/udp) TFTP Daemon Detection Synopsis: A TFTP server is listening on the remote port.

Description: The remote host is running a TFTP (Trivial File Transfer Protocol) daemon. TFTP is often used by routers and diskless hosts to retrieve their configuration. It is also used by worms to propagate.

Risk factor: None Solution: Disable this service if you do not use it. Plugin ID: 11819

172.30.0.10 Scan Time Start time : Thu Aug 05 11:34:38 2010 End time : Thu Aug 05 11:37:13 2010 Number of vulnerabilities Open ports : 22 High : 5 Medium : 2 Low : 37 Remote host information Operating System : Microsoft Windows Server 2003 Service Pack 1 NetBIOS name : WINDOWS01 DNS name : Port general (0/icmp) MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check) Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.

Description: The remote host is vulnerable to a buffer overrun in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with the 'System' privileges.

Risk factor: Critical CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx Plugin ID: 34477 CVE: CVE-2008-4250 BID: 31874 Other references: OSVDB:49243 ICMP Timestamp Request Remote Date Disclosure Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:

This host returns non-standard timestamps (high bit is set) The ICMP timestamps might be in little endian format (not in network format) The remote clock is synchronized with the local clock. Plugin ID: 10114 CVE: CVE-1999-0524 Other references: OSVDB:94 TCP/IP Timestamps Supported Synopsis: The remote service implements TCP timestamps.

Description: The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Risk factor: None See also: http://www.ietf.org/rfc/rfc1323.txt Solution: n/a Plugin ID: 25220 VMware Virtual Machine Detection Synopsis: The remote host seems to be a VMware virtual machine.

Description: According to the MAC address of its network adapter, the remote host is a VMware virtual machine.

Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy. Risk factor: None Solution: n/a Plugin ID: 20094 Ethernet card brand Synopsis: The manufacturer can be deduced from the Ethernet OUI.

Description:

Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE. Risk factor: None See also: http://standards.ieee.org/faqs/OUI.html See also: http://standards.ieee.org/regauth/oui/index.shtml Solution: n/a Plugin output: The following card manufacturers were identified : 00:0c:29:d8:9d:dc : VMware, Inc. Plugin ID: 35716 OS Identification Remote operating system : Microsoft Windows Server 2003 Service Pack 1 Confidence Level : 99 Method : MSRPC The remote host is running Microsoft Windows Server 2003 Service Pack 1 Plugin ID: 11936 Common Platform Enumeration (CPE) Synopsis: It is possible to enumerate CPE names that matched on the remote system.

Description: By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan. Risk factor: None See also: http://cpe.mitre.org/ Solution: n/a Plugin output: The remote operating system matched the following CPE : cpe:/o:microsoft:windows_2003_server::sp1 -> Microsoft Windows 2003 Server Service Pack 1 Plugin ID: 45590 Nessus Scan Information Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :

nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :

2010/8/5 11:34 Scan duration : 155 sec Plugin ID: 19506 Traceroute Information Synopsis: It was possible to obtain traceroute information. Description: Makes a traceroute to the remote host. Risk factor: None Solution: n/a Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.30.0.10 : 172.30.0.67 172.30.0.10 Plugin ID: 10287 Port dce-rpc (1025/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host. Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1025 :

Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.10

Object UUID : 00000000-0000-0000-0000-000000000000 UUID : ecec0d70-a603-11d0-96b1-00a0c91ece30, version 2.0 Description : Active Directory Backup Interface Windows process : unknown Annotation : NTDS Backup Interface Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.10

Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 16e0cf3a-a604-11d0-96b1-00a0c91ece30, version 2.0 Description : Active Directory Restore Interface Windows process : unknown Annotation : NTDS Restore Interface Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.10

Object UUID : 00000000-0000-0000-0000-000000000000 UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0 Description : Active Directory Replication Interface Windows process : unknown Annotation : MS NT Directory DRS Interface Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.10

Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.10

Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.10

Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Annotation : IPSec Policy agent endpoint Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.10

Plugin ID: 10736 Port ncacn_http (1027/tcp) Service Detection An ncacn_http server is running on this port. Plugin ID: 22964 COM+ Internet Services (CIS) Server Detection Synopsis: A COM+ Internet Services (CIS) server is listening on this port.

Description: COM+ Internet Services are RPC over HTTP tunneling and require IIS to operate. CIS ports shouldn't be visible on internet but only behind a firewall. Risk factor: None See also: http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp See also: http://support.microsoft.com/support/kb/articles/Q282/2/61.ASP Solution: If you do not use this service, disable it with DCOMCNFG. Otherwise, limit access to this port.

Plugin output: Server banner : ncacn_http/1.0 Plugin ID: 10761 Port dce-rpc (1037/tcp) DCE Services Enumeration Synopsis:

A DCE/RPC service is running on the remote host. Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DC E) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP p ort 1037 : Object UUID : 00000000-0000-0000- 0000-000000000000 UUID : f5cc59b4-4264-101a-8c59-08 002b2f8426, version 1.0 Description : File Replication Service Windows process : ntfrs.exe Anno tation : NtFrs Service Type : Remote RPC service TCP Port : 1037 IP : 172.30.0.10 Object UUID : 0000 0000-0000-0000-0000-000000000000 UUID :

d049b186-814f-11d1-9a3c-00c04fc9b232, version 1.0 D escription : File Replication Service Windows process : ntfrs.exe Annotation : NtFrs API Type : R emote RPC service TCP Port : 1037 IP : 172.30.0.10 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : a00c021c-2be2-11d2-b678- 0000f87a8f8e, version 1.0 Description : File Replic ation Service Windows process : ntfrs.exe Annotation : PERFMON SERVICE Type : Remote RPC serv ice TCP Port : 1037 IP : 172.30.0.10 Plugin ID: 10736 Port dce-rpc (1040/tcp) [-/+] DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host.

Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available on TCP port 1040 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 1040
IP : 172.30.0.10

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 1040
IP : 172.30.0.10

Plugin ID: 10736

Port dce-rpc (1048/tcp)

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.
Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available on TCP port 1048 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0
Description : DNS Server
Windows process : dns.exe
Type : Remote RPC service
TCP Port : 1048
IP : 172.30.0.10

Plugin ID: 10736

Port ntp (123/udp)

Network Time Protocol (NTP) Server Detection
Synopsis: An NTP server is listening on the remote host.
Description: An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Risk factor: None
Solution: n/a
Plugin ID: 10884

Port epmap (135/tcp)

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.
Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available locally :
Plugin ID: 10736

Port netbios-ns (137/udp)

Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis: It is possible to obtain the network name of the remote host.

Description: The remote host listens on UDP port 137 or TCP port 445 and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins but does not itself generate a report.
Risk factor: None
Solution: n/a
Plugin output: The following 8 NetBIOS names have been gathered :
WINDOWS01 = Computer name
VLABS = Workgroup / Domain name
VLABS = Domain Controllers
WINDOWS01 = File Server Service
VLABS = Domain Master Browser
VLABS = Browser Service Elections
VLABS = Master Browser
__MSBROWSE__ = Master Browser
The remote host has the following MAC address on its adapter : 00:0c:29:d8:9d:dc
Plugin ID: 10150

Port smb (139/tcp)

SMB Service Detection
Synopsis: A file / print sharing service is listening on the remote host.
Description: The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Risk factor: None
Solution: n/a
Plugin output: An SMB server is running on this port.
Plugin ID: 11011

Port msft-gc? (3268/tcp)

Port msft-gc-ssl? (3269/tcp)

Service Detection
The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.
Plugin ID: 22964

Port ldap (389/tcp)

LDAP Server NULL Bind Connection Information Disclosure
Synopsis: The remote LDAP server allows anonymous access.

Description: The LDAP server on the remote host is currently configured such that a user can connect to it without authentication - via a 'NULL BIND' - and query it for information. Although the queries that are allowed are likely to be fairly restricted, this may result in disclosure of information that an attacker could find useful. Note that version 3 of the LDAP protocol requires that a server allow anonymous access -- a 'NULL BIND' -- to the root DSA-Specific Entry (DSE) even though it may still require authentication to perform other queries. As such, this finding may be a false-positive.
Risk factor: Medium
CVSS Base Score: 5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Solution: Unless the remote LDAP server supports LDAP v3, configure it to disallow NULL BINDs.
Plugin ID: 10723
Other references: OSVDB:9723

LDAP NULL BASE Search Access
Synopsis: The remote LDAP server may disclose sensitive information.
Description: The remote LDAP server supports search requests with a null, or empty, base object. This allows information to be retrieved without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user may be able to query your LDAP server using a tool such as 'LdapMiner'.
Note that there are valid reasons to allow queries with a null base. For example, it is required in version 3 of the LDAP protocol to provide access to the root DSA-Specific Entry (DSE), with information about the supported naming context, authentication types, and the like. It also means that legitimate users can find information in the directory without any a priori knowledge of its structure. As such, this finding may be a false-positive.
Risk factor: Medium
CVSS Base Score: 5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Solution: If the remote LDAP server supports a version of the LDAP protocol before v3, consider whether to disable NULL BASE queries on your LDAP server.
Plugin ID: 10722

LDAP Server Detection
Synopsis: There is an LDAP server active on the remote host.
Description: The remote host is running a Lightweight Directory Access Protocol, or LDAP, server. LDAP is a protocol for providing access to directory services over TCP/IP.
Risk factor: None
See also: http://en.wikipedia.org/wiki/LDAP
Solution: n/a
Plugin ID: 20870

LDAP Crafted Search Request Server Information Disclosure
Synopsis: It is possible to discover information about the remote LDAP server.
Description: By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote LDAP server.
Risk factor: None
Solution: n/a
Plugin output:
[+]-namingContexts:
 | DC=vlabs,DC=local
 | CN=Configuration,DC=vlabs,DC=local
 | CN=Schema,CN=Configuration,DC=vlabs,DC=local
 | DC=DomainDnsZones,DC=vlabs,DC=local
 | DC=ForestDnsZones,DC=vlabs,DC=local
Plugin ID: 25701

Port cifs (445/tcp)

MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check)
Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.

Description: The remote host is vulnerable to a buffer overrun in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'SYSTEM' privileges.
Risk factor: Critical
CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution: Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
Plugin ID: 22194
CVE: CVE-2006-3439
BID: 19409
Other references: OSVDB:27845

MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)
Synopsis: It is possible to crash the remote host due to a flaw in SMB.
Description: The remote host is affected by a memory corruption vulnerability in SMB that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host.
Risk factor: Critical
CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 :
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
Plugin ID: 35362
CVE: CVE-2008-4834, CVE-2008-4835, CVE-2008-4114
BID: 31179, 33121, 33122
Other references: OSVDB:48153, OSVDB:52691, OSVDB:52692

MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)
Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.
Description: The remote host is vulnerable to heap overflow in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'SYSTEM' privileges. In addition to this, the remote host is also affected by an information disclosure vulnerability in SMB that may allow an attacker to obtain portions of the memory of the remote host.
Risk factor: High
CVSS Base Score: 7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution: Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
Plugin ID: 22034
CVE: CVE-2006-1314, CVE-2006-1315
BID: 18863, 18891
Other references: OSVDB:27154, OSVDB:27155

MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)
Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the SMB implementation.
Description: The remote version of Windows contains a flaw in the Server Message Block (SMB) implementation that may allow an attacker to execute arbitrary code on the remote host. An attacker does not need to be authenticated to exploit this flaw.
Risk factor: Critical
CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution: Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms05-027.mspx
Plugin ID: 18502
CVE: CVE-2005-1206
BID: 13942
Other references: IAVA:2005-t-0019, OSVDB:17308

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.

Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available remotely :
Plugin ID: 10736

SMB Service Detection
Synopsis: A file / print sharing service is listening on the remote host.

Description: The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.

Risk factor: None Solution: n/a Plugin output: A CIFS server is running on this port. Plugin ID: 11011 SMB NativeLanManager Remote System Information Disclosure Synopsis: It is possible to obtain information about the remote operating system.

Description: It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.

Risk factor: None Solution: n/a Plugin output: The remote Operating System is : Windows Server 2003 3790 Service Pack 1 The remote native lan manager is : Windows Server 2003 5.2 The remote SMB Domain Name is : VLABS Plugin ID: 10785 SMB Log In Possible Synopsis: It is possible to log into the remote host. Description: The remote host is running Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix.

It was possible to log into it using one of the following account : - NULL session - Guest account - Given Credentials Risk factor: None See also: http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP See also: http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP Solution: n/a Plugin output: - NULL sessions are enabled on the remote host Plugin ID: 10394 CVE: CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595 BID: 494, 990, 11199 Other references: OSVDB:297, OSVDB:3106, OSVDB:8230, OSVDB:10050 SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration Synopsis: It is possible to obtain the domain SID. Description: By emulating the call to LsaQueryInformationPolicy() it was possible to obtain the domain SID (Security Identifier). The domain SID can then be used to get the list of users of the domain Risk factor: None Solution: n/a Plugin output: The remote domain SID value is : 1-5-21-1152684087-3219919749-3993949398 Plugin ID: 10398 CVE: CVE-2000-1200 BID: 959 Other references: OSVDB:715 SMB use domain SID to enumerate users Synopsis: It is possible to enumerate domain users. Description: Using the host SID, it is possible to enumerate the domain users on the remote Windows system.

Risk factor: None Solution: n/a Plugin output: - Administrator (id 500, Administrator account) - Guest (id 501, Guest account) - krbtgt (id 502, Kerberos account) - HelpServicesGroup (id 1000) - SUPPORT_388945a0 (id 1001) - TelnetClients (id 1002) - WINDOWS01$ (id 1003) - DnsAdmins (id 1104) - DnsUpdateProxy (id 1105) - DHCP Users (id 1106) - DHCP Administrators (id 1107) - XPSTUDENT$ (id 1108) - XPTEACHER$ (id 1109) - instructor (id 1117) - student (id 1118) Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan. Plugin ID: 10399 CVE: CVE-2000-1200 BID: 959 Other references: OSVDB:714 SMB Registry : Nessus Cannot Access the Windows Registry Synopsis: Nessus is not able to access the remote Windows Registry. Description: It was not possible to connect to PIPE\winreg on the remote host. If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied credentials. Risk factor: None Solution: n/a Plugin ID: 26917 Windows SMB NULL Session Authentication Synopsis: It is possible to log into the remote Windows host with a NULL session.

Description: The remote host is running Microsoft Windows, and it was possible to log into it using a NULL session (i.e., with no login or password). An unauthenticated remote attacker can leverage this issue to get information about the remote host. Risk factor: None See also: http://support.microsoft.com/kb/q143474/ See also: http://support.microsoft.com/kb/q246261/ Solution: n/a Plugin ID: 26920 CVE: CVE-1999-0519, CVE-1999-0520, CVE-2002-1117 BID: 494 Other references: OSVDB:299 SMB LanMan Pipe Server Listing Disclosure Synopsis: It is possible to obtain network information. Description: It was possible to obtain the browse list of the remote Windows system by send a request to the LANMAN pipe. The browse list is the list of the nearest Windows systems of the remote host. Risk factor: None Solution: n/a Plugin output: Here is the browse list of the remote host : WINDOWS01 ( os : 5.2 ) Plugin ID: 10397 Other references: OSVDB:300 SMB LsaQueryInformationPolicy Function SID Enumeration Synopsis: It is possible to obtain the host SID for the remote host.

Description: By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). The host SID can then be used to get the list of local users.

Risk factor: None See also: http://technet.microsoft.com/en-us/library/bb418944.aspx Solution: You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. Refer to the 'See also' section for guidance.

Plugin output: The remote host SID value is : 1-5-21-1152684087-3219919749-3993949398 The value of 'RestrictAnonymous' setting is : unknown Plugin ID: 10859 CVE: CVE-2000-1200 BID: 959 Other references: OSVDB:715 SMB use host SID to enumerate local users Synopsis: It is possible to enumerate local users. Description: Using the host SID, it is possible to enumerate local users on the remote Windows system. Risk factor: None Solution: n/a Plugin output: - Administrator (id 500, Administrator account) - Guest (id 501, Guest account) - HelpServicesGroup (id 1000) - SUPPORT_388945a0 (id 1001) - TelnetClients (id 1002) - WINDOWS01$ (id 1003) - DnsAdmins (id 1104) - DnsUpdateProxy (id 1105) - DHCP Users (id 1106) - DHCP Administrators (id 1107) - XPSTUDENT$ (id 1108) - XPTEACHER$ (id 1109) - instructor (id 1117) - student (id 1118) Note that, in addition to the Administrator and Guest accounts, Nessus has enumerated only those local users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan. Plugin ID: 10860 CVE: CVE-2000-1200 BID: 959 Other references: OSVDB:714

Port kpasswd? (464/tcp)

Port dns (53/tcp) DNS Server Detection Synopsis: A DNS server is listening on the remote host.

Description: The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses. Risk factor: None See also: http://en.wikipedia.org/wiki/Domain_Name_System Solution: Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally. Plugin ID: 11002 DNS Server Detection Synopsis: A DNS server is listening on the remote host. Description: The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses. Risk factor: None See also: http://en.wikipedia.org/wiki/Domain_Name_System Solution: Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally. Plugin ID: 11002

Port http-rpc-epmap (593/tcp) Service Detection An http-rpc-epmap is running on this port. Plugin ID: 22964

Port ldaps? (636/tcp) Service Detection The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper. Plugin ID: 22964

Port kerberos? (88/tcp) Kerberos Information Disclosure Synopsis: The remote Kerberos server is leaking information. Description: Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server.

Risk factor: None Solution: n/a Plugin output: Nessus gathered the following information : Server time : 2010-08-05 15:35:23 UTC Realm : VLABS.LOCAL Plugin ID: 43829

172.30.0.66 Scan Time Start time : Thu Aug 05 11:34:38 2010 End time : Thu Aug 05 11:43:07 2010 Number of vulnerabilities Open ports : 44 High : 6 Medium : 1 Low : 70 Remote host information Operating System : Microsoft Windows Server 2003 Service Pack 1 NetBIOS name : TARGETWINDOWS01 DNS name :

Port general (0/icmp) MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check) Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.

Description: The remote host is vulnerable to a buffer overrun in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with the 'System' privileges.

Risk factor: Critical CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 : http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx Plugin ID: 34477 CVE: CVE-2008-4250 BID: 31874 Other references: OSVDB:49243 ICMP Timestamp Request Remote Date Disclosure Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: The ICMP timestamps seem to be in little endian format (not in network format) The remote clock is synchronized with the local clock. Plugin ID: 10114 CVE: CVE-1999-0524 Other references: OSVDB:94 TCP/IP Timestamps Supported Synopsis: The remote service implements TCP timestamps. Description: The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Risk factor: None See also: http://www.ietf.org/rfc/rfc1323.txt Solution: n/a Plugin ID: 25220 VMware Virtual Machine Detection Synopsis: The remote host seems to be a VMware virtual machine.

Description: According to the MAC address of its network adapter, the remote host is a VMware virtual machine. Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy. Risk factor: None Solution: n/a Plugin ID: 20094 Ethernet card brand Synopsis: The manufacturer can be deduced from the Ethernet OUI.

Description: Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE. Risk factor: None See also: http://standards.ieee.org/faqs/OUI.html See also: http://standards.ieee.org/regauth/oui/index.shtml Solution: n/a Plugin output: The following card manufacturers were identified : 00:0c:29:d6:61:16 : VMware, Inc. Plugin ID: 35716 Additional DNS Hostnames Synopsis: Potential virtual hosts have been detected. Description: Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.

Risk factor: None See also: http://en.wikipedia.org/wiki/Virtual_hosting Solution: If you want to test them, re-scan using the special vhost syntax, such as : www.example.com [192.0.32.10] Plugin output: - targetwindows01 Plugin ID: 46180 OS Identification Remote operating system : Microsoft Windows Server 2003 Service Pack 1 Confidence Level : 99 Method : MSRPC The remote host is running Microsoft Windows Server 2003 Service Pack 1 Plugin ID: 11936 Common Platform Enumeration (CPE) Synopsis: It is possible to enumerate CPE names that matched on the remote system.

Description: By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan. Risk factor: None See also: http://cpe.mitre.org/ Solution: n/a Plugin output: The remote operating system matched the following CPE : cpe:/o:microsoft:windows_2003_server::sp1 -> Microsoft Windows 2003 Server Service Pack 1 Here is the list of application CPE IDs that matched on the remote system : cpe:/a:microsoft:iis:6.0 -> Microsoft IIS 6.0 cpe:/a:microsoft:iis:6.0 -> Microsoft IIS 6.0 cpe:/a:microsoft:iis:6.0 -> Microsoft IIS 6.0 Plugin ID: 45590 Nessus Scan Information Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) : nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date : 2010/8/5 11:34 Scan duration : 509 sec Plugin ID: 19506 Web Application Tests Disabled Synopsis: Web application tests were not enabled during the scan.

Description: One or several web servers were detected by Nessus, but neither the CGI tests nor the Web Application Tests were enabled. If you want to get a more complete report, you should enable one of these features, or both. Please note that the scan might take significantly longer with these tests, which is why they are disabled by default. Risk factor: None See also: http://blog.tenablesecurity.com/web-app-auditing/ Solution: To enable specific CGI tests, go to the 'Advanced' tab, select 'Global variable settings' and set 'Enable CGI scanning'. To generic enable web application tests, go to the 'Advanced' tab, select 'Web Application Tests Settings' and set 'Enable web applications tests'. You may configure other options, for example HTTP credentials in 'Login configurations', or form-based authentication in 'HTTP login page'. Plugin ID: 43067 Open Port Re-check Synopsis: Previously open ports are now closed. Description: One of several ports that were previously open are now closed or unresponsive. There are numerous possible causes for this failure : - The scan may have caused a service to freeze or stop running. - An administrator may have stopped a particular service during the scanning process. This might be an availability problem related to the following reasons : - A network outage has been experienced during the scan, and the remote network cannot be reached from the Vulnerability Scanner any more. - This Vulnerability Scanner has been blacklisted by the system administrator or by automatic intrusion detection/prevention systems which have detected the vulnerability assessment. - The remote host is now down, either because a user turned it off during the scan or because a select denial of service was effective. In any case, the audit of the remote host might be incomplete and may need to be done again Risk factor: None Solution: - increase checks_read_timeout and/or reduce max_checks - disable your IPS during the Nessus scan Plugin output: Port 1994 was detected as being open but is now closed Plugin ID: 10919 Traceroute Information Synopsis: It was possible to obtain traceroute information. Description: Makes a traceroute to the remote host. Risk factor: None Solution: n/a Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.30.0.66 : 172.30.0.67 172.30.0.66 Plugin ID: 10287

Port dce-rpc (1025/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host.

Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1025 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Annotation : IPSec Policy agent endpoint Type : Remote RPC service TCP Port : 1025 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1026/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host. Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1026 : Object UUID : 07d0d68a-fecc-4ccc-a540-b7fbb40e0a74 UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Remote RPC service TCP Port : 1026 IP : 172.30.0.66 Object UUID : 91f4314a-ffa9-410f-b292-db2e3cf7f472 UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Remote RPC service TCP Port : 1026 IP : 172.30.0.66 Object UUID : 296c459f-9a7c-4286-9457-3f8bea99a7a5 UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Remote RPC service TCP Port : 1026 IP : 172.30.0.66 Object UUID : 9d9c253b-be1e-4a41-bc9f-cd2b443e5ab6 UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Remote RPC service TCP Port : 1026 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1031/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host.

Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1031 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0 Description : DNS Server Windows process : dns.exe Type : Remote RPC service TCP Port : 1031 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1032/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host. Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1032 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0 Description : Internet Information Service (IISAdmin) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1032 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0 Description : Internet Information Service (SMTP) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1032 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1032 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4f82f460-0e21-11cf-909e-00805f48a135, version 4.0 Description : Internet Information Service (NNTP) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1032 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1033/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host.

Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1033 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0 Description : Internet Information Service (SMTP) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1033 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1033 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4f82f460-0e21-11cf-909e-00805f48a135, version 4.0 Description : Internet Information Service (NNTP) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1033 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1034/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host. Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1034 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1034 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4f82f460-0e21-11cf-909e-00805f48a135, version 4.0 Description : Internet Information Service (NNTP) Windows process : inetinfo.exe Type : Remote RPC service TCP Port : 1034 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1041/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host.

Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1041 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1.0 Description : Wins Service Windows process : wins.exe Type : Remote RPC service TCP Port : 1041 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1.0 Description : Wins Service Windows process : wins.exe Type : Remote RPC service TCP Port : 1041 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1042/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host. Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor: None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1042 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1.0 Description : Message Queuing Service Windows process : mqsvc.exe Annotation : Message Queuing - QMRT V1 Type : Remote RPC service TCP Port : 1042 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1.0 Description : Message Queuing Service Windows process : mqsvc.exe Annotation : Message Queuing - QMRT V2 Type : Remote RPC service TCP Port : 1042 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1088a980-eae5-11d0-8d9b-00a02453c337, version 1.0 Description : Message Queuing Service Windows process : mqsvc.exe Annotation : Message Queuing - QM2QM V1 Type : Remote RPC service TCP Port : 1042 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1a9134dd-7b39-45ba-ad88-44d01ca47f28, version 1.0 Description : Unknown RPC service Annotation : Message Queuing - RemoteRead V1 Type : Remote RPC service TCP Port : 1042 IP : 172.30.0.66 Plugin ID: 10736

Port dce-rpc (1043/tcp) DCE Services Enumeration Synopsis: A DCE/RPC service is running on the remote host. Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Risk factor:

None Solution: N/A Plugin output: The following DCERPC services are available on TCP port 1043 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0 Description : DHCP Server Service Windows process : unknown Type : Remote RPC service TCP Port : 1043 IP : 172.30.0.66 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0 Description : DHCP Server Service Windows process : unknown Type : Remote RPC service TCP Port : 1043 IP : 172.30.0.66 Plugin ID: 10736

Port nntp (119/tcp) Service Detection An NNTP server is running on this port. Plugin ID: 22964 News Server (NNTP) Information Disclosure Synopsis: Information about the remote NNTP server can be collected.

Description: By probing the remote NNTP server, Nessus is able to collect information about it, such as whether it allows remote connections, the number of newsgroups, etc.

Risk factor: None Solution: Disable this server if it is not used. Plugin output: This NNTP server allows unauthenticated connections. For your information, we counted 3 newsgroups on this NNTP server: 0 in the alt hierarchy, 0 in rec, 0 in biz, 0 in sci, 0 in soc, 0 in misc, 0 in news, 0 in comp, 0 in talk, 0 in humanities. Although this server says it allows posting, we were unable to send a message (posted in alt.test). Plugin ID: 11033

Port daytime (13/tcp) Unknown Service Detection: HELP Request Daytime is running on this port Plugin ID: 11153 Daytime Service Detection Synopsis:

A daytime service is running on the remote host Description: The remote host is running a 'daytime' service. This service is designed to give the local time of the day of this host to whoever connects to this port. The date format issued by this service may sometimes help an attacker to guess the operating system type of this host, or to set up timed authentication attacks against the remote host. In addition, if the daytime service is running on a UDP port, an attacker may link it to the echo port of a third-party host using spoofing, thus creating a possible denial of service condition between this host and the third party.

Risk factor: None Solution: - Under Unix systems, comment out the 'daytime' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry keys to 0 : HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDaytime HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpDaytime Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service.

Plugin ID: 10052 Daytime Service Detection Synopsis: A daytime service is running on the remote host Description: The remote host is running a 'daytime' service. This service is designed to give the local time of the day of this host to whoever connects to this port. The date format issued by this service may sometimes help an attacker to guess the operating system type of this host, or to set up timed authentication attacks against the remote host. In addition, if the daytime service is running on a UDP port, an attacker may link it to the echo port of a third-party host using spoofing, thus creating a possible denial of service condition between this host and the third party.

Risk factor: None Solution: - Under Unix systems, comment out the 'daytime' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry keys to 0 : HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDaytime HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpDaytime Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service.

Plugin ID: 10052

Port epmap (135/tcp)

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.
Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available locally :

Plugin ID: 10736

Port netbios-ns (137/udp)

Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis: It is possible to obtain the network name of the remote host.
Description: The remote host listens on UDP port 137 or TCP port 445 and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins but does not itself generate a report.
Risk factor: None
Solution: n/a
Plugin output: The following 6 NetBIOS names have been gathered :
TARGETWINDOWS01 = Computer name
TARGETWINDOWS01 = File Server Service
WORKGROUP = Workgroup / Domain name
WORKGROUP = Browser Service Elections
WORKGROUP = Master Browser
__MSBROWSE__ = Master Browser
The remote host has the following MAC address on its adapter : 00:0c:29:d6:61:16
Plugin ID: 10150

Port smb (139/tcp)

SMB Service Detection
Synopsis: A file / print sharing service is listening on the remote host.
Description: The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Risk factor: None
Solution: n/a
Plugin output: An SMB server is running on this port.
Plugin ID: 11011

Port qotd (17/tcp)

Unknown Service Detection: GET Request
qotd seems to be running on this port
Plugin ID: 17975

Quote of the Day (QOTD) Service Detection
Synopsis: The quote service (qotd) is running on this host.
Description: A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote. Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored). An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.
Risk factor: None
Solution:
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.

Plugin ID: 10198
CVE: CVE-1999-0103
Other references: OSVDB:150

Port ms-streaming (1755/tcp)

Windows Media Service Server Detection
Synopsis: A Windows Media Service server is listening on the remote port.
Description: The remote host is running a Windows Media Service server, a media streaming server.
Risk factor: None
Solution: Ensure that use of this software is in agreement with your organization's acceptable use and security policies.
Plugin output: Version 9.01.01.3814 of Microsoft Media Services is running on this port.
Plugin ID: 46016

Port msmq? (1801/tcp)

Port chargen (19/tcp)

Service Detection
A chargen server is running on this port.
Plugin ID: 22964

Port stun-port? (1994/tcp)

Unknown Service Detection: Banner Retrieval
Synopsis: There is an unknown service running on the remote host.
Description: Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Risk factor: None
Solution: N/A
Plugin output: If you know what this service is, please send a description along with the following output to svc- [email protected] :
Port : 1994
Type : spontaneous
Banner :
0x00: 00 14 0C 00 00 00 F4 C0 02 3C C0 08 62 B4 D1 AE .........<..b...
0x10: 2D 5B 00 00 00 00 -[....
Plugin ID: 11154

Port ftp (21/tcp)

Service Detection
An FTP server is running on this port.
Plugin ID: 22964

FTP Server Detection
Synopsis: An FTP server is listening on this port.
Description: It is possible to obtain the banner of the remote FTP server by connecting to the remote port.
Risk factor: None
Solution: N/A
Plugin output: The remote FTP banner is :
220-EXPERIMANTAL BUILD
220-NOT FOR PRODUCTION USE
220-
220 Implementing draft-bryan-ftp-hash-02
Plugin ID: 10092

FTP Supports Clear Text Authentication
Synopsis: The remote FTP server allows credentials to be transmitted in clear text.
Description: The remote FTP does not encrypt its data and control connections. The user name and password are transmitted in clear text and may be intercepted by a network sniffer, or a man-in-the-middle attack.
Risk factor: Low
CVSS Base Score: 2.6 CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution: Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that data and control connections must be encrypted.
Plugin ID: 34324

Port dce-rpc (2103/tcp)

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.
Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available on TCP port 2103 :

Plugin ID: 10736

Port dce-rpc (2105/tcp)

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.
Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available on TCP port 2105 :

Plugin ID: 10736

Port dce-rpc (2107/tcp)

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.
Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available on TCP port 2107 :

Plugin ID: 10736

Port smtp (25/tcp)

MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) (uncredentialed check)
Synopsis: The remote mail server may be affected by multiple vulnerabilities.
Description: The installed version of Microsoft Exchange / Windows SMTP Service is affected by at least one vulnerability :
- Incorrect parsing of DNS Mail Exchanger (MX) resource records could cause the Windows Simple Mail Transfer Protocol (SMTP) component to stop responding until the service is restarted. (CVE-2010-0024)
- Improper allocation of memory for interpreting SMTP command responses may allow an attacker to read random e-mail message fragments stored on the affected server. (CVE-2010-0025)
Risk factor: Medium
CVSS Base Score: 5.0 CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, and 2008 as well as Exchange Server 2000, 2003, 2007, and 2010 :
http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx
Plugin output: The remote version of the smtpsvc.dll is 6.0.3790.1830 versus 6.0.3790.4675.
Plugin ID: 45517
CVE: CVE-2010-0024, CVE-2010-0025
BID: 39381

Service Detection
An SMTP server is running on this port.
Plugin ID: 22964

SMTP Server Detection
Synopsis: An SMTP server is listening on the remote port.
Description: The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Risk factor: None
Solution: Disable this service if you do not use it, or filter incoming traffic to this port.
Plugin output: Remote SMTP server banner :
220 TargetWindows01 Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 5 Aug 2010 11:35:48 -0400
Plugin ID: 10263

Port name? (42/tcp)

MS09-039: Vulnerabilities in WINS Could Allow Remote Code Execution (969883) (uncredentialed check)
Synopsis: Arbitrary code can be executed on the remote host through the WINS service
Description: The remote host has a Windows WINS server installed. The remote version of this server has two vulnerabilities that may allow an attacker to execute arbitrary code on the remote system:
- One heap overflow vulnerability can be exploited by any attacker
- One integer overflow vulnerability can be exploited by a WINS replication partner.
An attacker may use these flaws to execute arbitrary code on the remote system with SYSTEM privileges.
Risk factor: Critical
CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution: Microsoft has released a set of patches for Windows 2000 and 2003 :
http://www.microsoft.com/technet/security/Bulletin/MS09-039.mspx
Plugin ID: 40564
CVE: CVE-2009-1923, CVE-2009-1924
BID: 35980, 35981
Other references: OSVDB:56899, OSVDB:56900

Port cifs (445/tcp)

MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check)
Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.

Description: The remote host is vulnerable to a buffer overrun i n the 'Server' service that may allow an attacker to Page 62 of 76 Nessus Scan Report 8/5/2010 mhtml:file://C:\Documents and Settings\acaballero\D esktop\nessus_MockITScan.mht execute arbitrary code on the remote host with 'SYSTEM' privileges.

Risk factor: Critical CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C Solution: Microsoft has released a set of patches for Windows 2000, XP and 2003 :

http://www.microsoft.com/technet/security/bulletin/ms 06-040.mspx Plugin ID: 22194 CVE: CVE-2006-3439 BID: 19409 Other references: OSVDB:27845 MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check) Synopsis: It is possible to crash the remote host due to a fl aw in SMB.

Description: The remote host is affected by a memory corruption vulnerability in SMB that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host.
Risk factor: Critical
CVSS Base Score: 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 :
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
Plugin ID: 35362
CVE: CVE-2008-4834, CVE-2008-4835, CVE-2008-4114
BID: 31179, 33121, 33122
Other references: OSVDB:48153, OSVDB:52691, OSVDB:52692

MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)
Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.
Description: The remote host is vulnerable to heap overflow in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'SYSTEM' privileges. In addition to this, the remote host is also affected by an information disclosure vulnerability in SMB that may allow an attacker to obtain portions of the memory of the remote host.
Risk factor: High
CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution: Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
Plugin ID: 22034
CVE: CVE-2006-1314, CVE-2006-1315
BID: 18863, 18891
Other references: OSVDB:27154, OSVDB:27155

MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)
Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the SMB implementation.
Description: The remote version of Windows contains a flaw in the Server Message Block (SMB) implementation that may allow an attacker to execute arbitrary code on the remote host. An attacker does not need to be authenticated to exploit this flaw.
Risk factor: Critical
CVSS Base Score: 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Solution: Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms05-027.mspx
Plugin ID: 18502
CVE: CVE-2005-1206
BID: 13942
Other references: IAVA:2005-t-0019, OSVDB:17308

DCE Services Enumeration
Synopsis: A DCE/RPC service is running on the remote host.
Description: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Risk factor: None
Solution: N/A
Plugin output: The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \pipe\keysvc
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\tapsrv
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1.0
Description : Wins Service
Windows process : wins.exe
Type : Remote RPC service
Named pipe : \pipe\WinsPipe
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1.0
Description : Wins Service
Windows process : wins.exe
Type : Remote RPC service
Named pipe : \pipe\WinsPipe
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0
Description : Internet Information Service (IISAdmin)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\INETINFO
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0
Description : Internet Information Service (SMTP)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\INETINFO
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0
Description : Internet Information Service (SMTP)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\SMTPSVC
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\INETINFO
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\SMTPSVC
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4f82f460-0e21-11cf-909e-00805f48a135, version 4.0
Description : Internet Information Service (NNTP)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\INETINFO
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4f82f460-0e21-11cf-909e-00805f48a135, version 4.0
Description : Internet Information Service (NNTP)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\SMTPSVC
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4f82f460-0e21-11cf-909e-00805f48a135, version 4.0
Description : Internet Information Service (NNTP)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\NNTPSVC
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\lsass
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
Named pipe : \PIPE\lsass
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TARGETWINDOWS01

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TARGETWINDOWS01

Plugin ID: 10736

SMB Service Detection
Synopsis: A file / print sharing service is listening on the remote host.
Description: The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Risk factor: None
Solution: n/a
Plugin output: A CIFS server is running on this port.
Plugin ID: 11011

SMB NativeLanManager Remote System Information Disclosure
Synopsis: It is possible to obtain information about the remote operating system.
Description: It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.
Risk factor: None
Solution: n/a
Plugin output:
The remote Operating System is : Windows Server 2003 3790 Service Pack 1
The remote native lan manager is : Windows Server 2003 5.2
The remote SMB Domain Name is : TARGETWINDOWS01
Plugin ID: 10785

SMB Log In Possible
Synopsis: It is possible to log into the remote host.
Description: The remote host is running Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix.
It was possible to log into it using one of the following account :
- NULL session
- Guest account
- Given Credentials
Risk factor: None
See also: http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
See also: http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Solution: n/a
Plugin output: - NULL sessions are enabled on the remote host
Plugin ID: 10394
CVE: CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595
BID: 494, 990, 11199
Other references: OSVDB:297, OSVDB:3106, OSVDB:8230, OSVDB:10050

SMB Registry : Nessus Cannot Access the Windows Registry
Synopsis: Nessus is not able to access the remote Windows Registry.
Description: It was not possible to connect to PIPE\winreg on the remote host. If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied credentials.
Risk factor: None
Solution: n/a
Plugin ID: 26917

Windows SMB NULL Session Authentication
Synopsis: It is possible to log into the remote Windows host with a NULL session.
Description: The remote host is running Microsoft Windows, and it was possible to log into it using a NULL session (i.e., with no login or password). An unauthenticated remote attacker can leverage this issue to get information about the remote host.
Risk factor: None
See also: http://support.microsoft.com/kb/q143474/
See also: http://support.microsoft.com/kb/q246261/
Solution: n/a
Plugin ID: 26920
CVE: CVE-1999-0519, CVE-1999-0520, CVE-2002-1117
BID: 494
Other references: OSVDB:299

SMB LanMan Pipe Server Listing Disclosure
Synopsis: It is possible to obtain network information.
Description: It was possible to obtain the browse list of the remote Windows system by send a request to the LANMAN pipe. The browse list is the list of the nearest Windows systems of the remote host.
Risk factor: None
Solution: n/a
Plugin output: Here is the browse list of the remote host : TARGETWINDOWS01 ( os : 5.2 )
Plugin ID: 10397
Other references: OSVDB:300

Port dns (53/tcp)

DNS Server Detection
Synopsis: A DNS server is listening on the remote host.
Description: The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Risk factor: None
See also: http://en.wikipedia.org/wiki/Domain_Name_System
Solution: Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Plugin ID: 11002

DNS Server Detection
Synopsis: A DNS server is listening on the remote host.
Description: The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Risk factor: None
See also: http://en.wikipedia.org/wiki/Domain_Name_System
Solution: Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Plugin ID: 11002

Port rtsp (554/tcp)

Unknown Service Detection: HELP Request
A streaming server is running on this port.
Plugin ID: 11153

RTSP Server Type / Version Detection
Synopsis: An RTSP (Real Time Streaming Protocol) server is listening on the remote port.
Description: The remote server is an RTSP server. RTSP is a client-server multimedia presentation protocol, which is used to stream videos and audio files over an IP network. It is usually possible to obtain the list of capabilities and the server name of the remote RTSP server by sending an OPTIONS request.
Risk factor: None
See also: http://en.wikipedia.org/wiki/Rtsp
Solution: Disable this service if you do not use it.
Plugin output: Server Type : WMServer/9.1.1.3814
The remote RSTP server responds to an 'OPTIONS *' request as follows :
------------------------------ snip ------------------------------
Public: DESCRIBE, SETUP, PLAY, PAUSE, TEARDOWN, SET_PARAMETER, GET_PARAMETER, OPTIONS
Allow: OPTIONS, GET_PARAMETER
Supported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile
Date: Thu, 05 Aug 2010 15:36:38 GMT
CSeq: 1
Server: WMServer/9.1.1.3814
------------------------------ snip ------------------------------
Plugin ID: 10762

Port nntps? (563/tcp)

Port tftp (69/udp)

TFTP Daemon Detection
Synopsis: A TFTP server is listening on the remote port.
Description: The remote host is running a TFTP (Trivial File Transfer Protocol) daemon. TFTP is often used by routers and diskless hosts to retrieve their configuration. It is also used by worms to propagate.
Risk factor: None
Solution: Disable this service if you do not use it.
Plugin ID: 11819

Port echo (7/tcp)

Echo Service Detection
Synopsis: An echo service is running on the remote host.
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of services attacks against this host.
Risk factor: None
Solution:
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Plugin ID: 10061
CVE: CVE-1999-0103, CVE-1999-0635
Other references: OSVDB:150

Service Detection
An echo server is running on this port.
Plugin ID: 22964

Echo Service Detection
Synopsis: An echo service is running on the remote host.
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of services attacks against this host.
Risk factor: None
Solution:
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Plugin ID: 10061
CVE: CVE-1999-0103, CVE-1999-0635
Other references: OSVDB:150

Port www (80/tcp)

Service Detection
A web server is running on this port.
Plugin ID: 22964

HTTP methods per directory
Synopsis: This plugin determines which HTTP methods are allowed on various CGI directories.
Description: By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Risk factor: None
Solution: n/a
Plugin output: Based on the response to an OPTIONS request :
- HTTP methods COPY GET HEAD LOCK PROPFIND SEARCH TRACE UNLOCK OPTIONS are allowed on : /
Plugin ID: 43111

HTTP Server type and version
Synopsis: A web server is running on the remote host.
Description: This plugin attempts to determine the type and the version of the remote web server.
Risk factor: None
Solution: n/a
Plugin output: The remote web server type is : Microsoft-IIS/6.0
Plugin ID: 10107

Microsoft IIS 404 Response Service Pack Signature
Synopsis: The remote web server is running Microsoft IIS.
Description: The Patch level (Service Pack) of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk.
Note that this test makes assumptions of the remote patch level based on static return values (Content-Length) within a IIS Server's 404 error message. As such, the test can not be totally reliable and should be manually confirmed. Note also that, to determine IIS6 patch levels, a simple test is done based on strict RFC 2616 compliance. It appears as if IIS6-SP1 will accept CR as an end-of-line marker instead of both CR and LF.
Risk factor: None
Solution: Ensure that the server is running the latest stable Service Pack.
Plugin output: The remote IIS server *seems* to be Microsoft IIS 6.0 - SP1
Plugin ID: 11874

HyperText Transfer Protocol (HTTP) Information
Synopsis: Some information about the remote HTTP configuration can be extracted.
Description: This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Risk factor: None
Solution: n/a
Plugin output:
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
Headers :
Content-Length: 1433
Content-Type: text/html
Content-Location: http://172.30.0.66/iisstart.htm
Last-Modified: Fri, 21 Feb 2003 22:48:30 GMT
Accept-Ranges: bytes
ETag: "0339c5afbd9c21:825"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 05 Aug 2010 15:39:22 GMT
Plugin ID: 24260

WebDAV Detection
Synopsis: The remote server is running with WebDAV enabled.
Description: WebDAV is an industry standard extension to the HTTP specification. It adds a capability for authorized users to remotely add and manage the content of a web server. If you do not use this extension, you should disable it.
Risk factor: None
Solution: http://support.microsoft.com/default.aspx?kbid=241520
Plugin ID: 11424

Port www (8000/tcp)

Service Detection
A web server is running on this port.
Plugin ID: 22964

HTTP Server type and version
Synopsis: A web server is running on the remote host.
Description: This plugin attempts to determine the type and the version of the remote web server.
Risk factor: None
Solution: n/a
Plugin output: The remote web server type is : CherryPy/3.1.2
Plugin ID: 10107

HyperText Transfer Protocol (HTTP) Information
Synopsis: Some information about the remote HTTP configuration can be extracted.
Description: This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Risk factor: None
Solution: n/a
Plugin output:
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Date: Thu, 05 Aug 2010 15:39:23 GMT
Content-Length: 96
Content-Type: text/html;charset=utf-8
Location: http://172.30.0.66/en-US/
Server: CherryPy/3.1.2
Set-Cookie: session_id_8000=2923ed0ff187b9d1fca89d12eabbe503304acb6b; expires=Fri, 06 Aug 2010 15:39:23 GMT; Path=/
Plugin ID: 24260

Port www (8080/tcp)

Service Detection
A web server is running on this port.
Plugin ID: 22964

HTTP Server type and version
Synopsis: A web server is running on the remote host.
Description: This plugin attempts to determine the type and the version of the remote web server.
Risk factor: None
Solution: n/a
Plugin output: The remote web server type is : Microsoft-IIS/6.0
Plugin ID: 10107

HyperText Transfer Protocol (HTTP) Information
Synopsis: Some information about the remote HTTP configuration can be extracted.
Description: This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Risk factor: None
Solution: n/a
Plugin output:
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 05 Aug 2010 15:39:22 GMT
Plugin ID: 24260

Port apache-administration-server? (8089/tcp)

Port vectorchat? (8098/tcp)

Port discard (9/tcp)

Discard Service Detection
Synopsis: A discard service is running on the remote host.
Description: The remote host is running a 'discard' service. This service typically sets up a listening socket and will ignore all the data which it receives. This service is unused these days, so it is advised that you disable it.
Risk factor: None
Solution:
- Under Unix systems, comment out the 'discard' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDiscard
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Plugin ID: 11367