Florian Cramer on Wed, 8 May 2002 06:20:14 +0200 (CEST)
Re: <nettime> PUBLIC DOMAIN SCANNER

On Tue, 07.May.2002 at 13:14:24 +0200x, knowbotic.research wrote:
>
>
> MINDS OF CONCERN::breaking news
> http://unitedwehack.ath.cx
>
> PUBLIC DOMAIN SCANNER
> http://unitedwehack.homeunix.net/minds3/

[...]

> In the project, we are using non-invasive SECURITY scanning tools, which
> systems administrators alike use in order to detect security holes on the
> Internet servers.

unitedwehack.ath.cx

All 1549 scanned ports on (209.73.19.97) are: UNfiltered
Interesting ports on (209.73.19.97):
(The 1542 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
80/tcp     open        http
111/tcp    open        sunrpc
443/tcp    open        https
901/tcp    open        samba-swat
3306/tcp   open        mysql
6000/tcp   open        X11

+ unitedwehack.ath.cx :
 . List of open ports :
   o general/tcp (Security warnings found)
   o general/udp (Security notes found)
   o unknown (32768/tcp) (Security warnings found)
   o general/icmp (Security warnings found)

 . Warning found on port general/tcp

    Microsoft Windows 95 and 98 clients have the ability
    to bind multiple TCP/IP stacks on the same MAC address,
    simply by having the protocol addded more than once
    in the Network Control panel.

    The remote host has several TCP/IP stacks with the
    same IP binded on the same MAC adress. As a result,
    it will reply several times to the same packets,
    such as by sending multiple ACK to a single SYN,
    creating noise on your network. If several hosts
    behave the same way, then your network will be brought
    down.

    Solution : remove all the IP stacks except one in the remote
    host
    Risk factor : Medium

 . Warning found on port general/tcp

    The remote host uses non-random IP IDs, that is, it is
    possible to predict the next value of the ip_id field of
    the ip packets sent by this host.

    An attacker may use this feature to determine if the remote
    host sent a packet in reply to another request. This may be
    used for portscanning and other things.

    Solution : Contact your vendor for a patch
    Risk factor : Low

 . Information found on port general/udp

    For your information, here is the traceroute to 209.73.19.97 :
    160.45.155.1
    130.133.98.2
    188.1.33.33
    188.1.20.5
    188.1.18.110
    134.222.130.229
    134.222.231.5
    134.222.230.17
    134.222.230.6
    134.222.229.238
    134.222.229.234
    205.171.30.145
    205.171.230.22
    205.171.30.86
    205.171.62.2
    206.252.135.2
    209.73.19.65
    209.73.19.97

 . Warning found on port unknown (32768/tcp)

    The fam RPC service is running.
    Several versions of this service have
    a well-known buffer oveflow condition
    that allows intruders to execute
    arbitrary commands as root on this system.

    Solution : disable this service in /etc/inetd.conf
    More information : http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp
    Risk factor : High
    CVE : CVE-1999-0059

 . Warning found on port general/icmp

    The remote host answers to an ICMP timestamp
    request. This allows an attacker to know the
    date which is set on your machine.

    This may help him to defeat all your
    time based authentifications protocols.

    Solution : filter out the icmp timestamp
    requests (13), and the outgoing icmp
    timestamp replies (14).

    Risk factor : Low
    CVE : CAN-1999-0524

Florian

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net