BYsan

Today I saw that your site has a vulnerability...

Posted on 2005-6-13 16:55:21
So I did a body check for you

It turned out I found two more security vulnerabilities

檢測結果
存活主機 1
漏洞數量 2
警告數量 2
提示數量 15



主機列表
主機 檢測結果
210.245.160.188 發現安全漏洞
主機摘要 - OS: Unknown OS; PORT/TCP: 21, 22, 25, 53, 80, 110, 188




主機分析: 210.245.160.188
主機地址 端口/服務 服務漏洞
210.245.160.188 ftp (21/tcp) 發現安全漏洞
210.245.160.188 unknown (22/tcp) 發現安全警告
210.245.160.188 www (188/tcp) 發現安全提示
210.245.160.188 www (80/tcp) 發現安全提示
210.245.160.188 smtp (25/tcp) 發現安全提示
210.245.160.188 pop3 (110/tcp) 發現安全提示
210.245.160.188 domain (53/tcp) 發現安全漏洞
210.245.160.188 domain (53/udp) 發現安全提示



安全漏洞及解決方案: 210.245.160.188
類型 端口/服務 安全漏洞及解決方案
漏洞 ftp (21/tcp)
It was possible to disable the remote FTP server
by connecting to it about 3000 times, with
one connection at a time.

If the remote server is running from within [x]inetd, this
is a feature and the FTP server should automatically be back
in a couple of minutes.

An attacker may use this flaw to prevent this
service from working properly.

Solution : If the remote server is GoodTech ftpd server,
download the newest version from http://www.goodtechsys.com.
BID : 2270
Risk factor : Serious
CVE_ID : CAN-2001-0188
BUGTRAQ_ID : 2270
NESSUS_ID : 10690

提示 ftp (21/tcp) A FTP server is running on this port.
Here is its banner :
220 host2.hk82.com FTP Server 3.0.0 Ready.
NESSUS_ID : 10330

警告 unknown (22/tcp)
The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.

These protocols are not completely cryptographically
safe so they should not be used.

Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'

Risk factor : Low
NESSUS_ID : 10882

提示 unknown (22/tcp) Maybe the "SSH, Remote Login Protocol" service running on this port.

NESSUS_ID : 10330

提示 unknown (22/tcp) Remote SSH version : SSH-1.99-OpenSSH_4.0

NESSUS_ID : 10267

提示 unknown (22/tcp) The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.33
. 1.5
. 1.99
. 2.0

NESSUS_ID : 10881

提示 www (188/tcp) A web server is running on this port
NESSUS_ID : 10330

提示 www (80/tcp) A web server is running on this port
NESSUS_ID : 10330

提示 smtp (25/tcp) Maybe the "smtp" service running on this port.

NESSUS_ID : 10330

提示 smtp (25/tcp) For some reason, we could not send the 42.zip file to this MTA
BUGTRAQ_ID : 3027
NESSUS_ID : 11036

提示 pop3 (110/tcp) Maybe the "pop3" service running on this port.

NESSUS_ID : 10330

漏洞 domain (53/tcp)
The remote BIND 9 DNS server, according to its version number, is vulnerable to a
buffer overflow which may allow an attacker to gain a shell on this host or
to disable this server.


Solution : upgrade to bind 9.2.2 or downgrade to the 8.x series

See also : http://www.isc.org/products/BIND/bind9.html
http://cert.uni-stuttgart.de/arc ... 03/03/msg00075.html
http://www.cert.org/advisories/CA-2002-19.html
Risk factor : High
CVE_ID : CAN-2002-0684
NESSUS_ID : 11318
Other references : IAVA:2003-B-0001

警告 domain (53/tcp)
The remote name server allows recursive queries to be performed
by the host running nessusd.

If this is your internal nameserver, then forget this warning.

If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.

If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.

See also : http://www.cert.org/advisories/CA-1997-22.html

Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf

If you are using another name server, consult its documentation.

Risk factor : Serious
CVE_ID : CVE-1999-0024
BUGTRAQ_ID : 678
NESSUS_ID : 10539

提示 domain (53/tcp) Maybe the "domain" service running on this port.

NESSUS_ID : 10330

提示 domain (53/tcp) BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.

The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record 'version.bind', will typically prompt the server to send
the information back to the querying source.

The remote bind version is : 9.2.1

Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.

NESSUS_ID : 10028

提示 domain (53/tcp)
A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
NESSUS_ID : 11002

提示 domain (53/tcp) An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
ADM worm
Lion

Unless you know for sure what is behind it, you'd better
check your system

*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)

Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
NESSUS_ID : 11157

提示 domain (53/udp)
A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
NESSUS_ID : 11002

提示 domain (53/udp) The remote name server could be fingerprinted as being one of the following :
ISC BIND 9.2.1
ISC BIND 9.2.2

NESSUS_ID : 11951
Posted on 2005-6-13 17:04:32
This is a problem with the server; we can't fix it ...
-
All we can do is ask the server side ...
Original poster | Posted on 2005-6-14 12:24:37
This is the description of that site's vulnerability:

Name: CAN-2001-0188 (under review)

Description :GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash.  

References :
BUGTRAQ:20010122 def-2001-03: GoodTech Systems FTP Connection DoS
URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0350.html
BID:2270
URL:http://www.securityfocus.com/bid/2270
XF:goodtech-ftp-dos
URL:http://xforce.iss.net/static/5984.php  


Phase :Proposed (20010309)

Votes :
ACCEPT(2) Frech, Oliver
NOOP(2) Ziese, Lawler


Comments:  Oliver> Identified in Hotfix
Original poster | Posted on 2005-6-14 12:30:09
Name CAN-2002-0684 (under review)


Description

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.  


References
REDHAT:RHSA-2002:139
URL:http://rhn.redhat.com/errata/RHSA-2002-139.html
BUGTRAQ:20020704 Re: Remote buffer overflow in resolver code of libc
URL:http://marc.theaimsgroup.com/?l= ... 81482511612&w=2
SUSE:SuSE-SA:2002:026
CERT:CA-2002-19
CERT-VN:VU#542971
URL:http://www.kb.cert.org/vuls/id/542971
MANDRAKE:MDKSA-2002:050
URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
CONECTIVA:CLSA-2002:507
URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507  



Phase Modified (20040818)

Votes
ACCEPT(5) Green, Wall, Baker, Foat, Cole
MODIFY(2) Frech, Cox
NOOP(1) Christey


Comments

Cox> RHSA-2002:133 is CAN-2002-0651 not this one, ADDREF:RHSA-2002:167
Christey> HP:HPSBUX0209-218
   URL:http://archives.neohapsis.com/archives/hp/2002-q3/0087.html
Frech> XF:dns-resolver-lib-bo(9432)
Christey> DELREF REDHAT:RHSA-2002:133
Christey> DELREF REDHAT:RHSA-2002:133
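Posted on 2005-6-16 19:27:18
Is it really that big a problem?
Original poster | Posted on 2005-6-17 11:36:55
kasan posted on 2005-6-16 07:27 PM:

Is it really that big a problem?


I'm just giving you a heads-up; you don't have to believe me~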