Nessus Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which were alive and responding during test 1
Number of security holes found 0
Number of security warnings found 1


Host List
Host(s) Possible Issue
192.168.1.109 Security warning(s) found
[ return to top ]


Analysis of Host
Address of Host Port/Service Issue regarding Port
192.168.1.109 general/udp Security notes found
192.168.1.109 general/icmp Security notes found
192.168.1.109 sunrpc (111/udp) Security notes found
192.168.1.109 unknown (958/udp) Security notes found
192.168.1.109 unknown (961/tcp) Security notes found
192.168.1.109 general/tcp Security notes found
192.168.1.109 sunrpc (111/tcp) Security notes found
192.168.1.109 x11 (6000/tcp) Security notes found
192.168.1.109 ssh (22/tcp) Security warning(s) found


Security Issues and Fixes: 192.168.1.109
Type Port Issue and Fix
Informational general/udp For your information, here is the traceroute from 192.168.1.106 to 192.168.1.109 :
192.168.1.106
192.168.1.109

Nessus ID : 10287
Informational general/icmp
Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers to an ICMP timestamp request. This allows an
attacker to know the date which is set on your machine.

This may help him to defeat all your time based authentication
protocols.

Solution :

Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor :

None

Plugin output :

The difference between the local and remote clocks is -28 seconds.

CVE : CVE-1999-0524
Nessus ID : 10114
Informational sunrpc (111/udp) Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 111 :

- program: 100000 (portmapper), version: 2

Nessus ID : 11111
Informational unknown (958/udp) Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 958 :

- program: 100024 (status), version: 1

Nessus ID : 11111
Informational unknown (961/tcp) Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 961 :

- program: 100024 (status), version: 1

Nessus ID : 11111
Informational general/tcp Information about this scan :

Nessus version : 4.0.1
Plugin feed version : 200906262334
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.106
Port scanner(s) : nessus_tcp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 20
Max checks : 4
Recv timeout : 5
Backports : Detected
Scan Start Date : 2009/6/28 12:58
Scan duration : 57 sec

Nessus ID : 19506
Informational general/tcp
Remote operating system : Linux Kernel 2.6
Confidence Level : 70
Method : SinFP


The remote host is running Linux Kernel 2.6
Nessus ID : 11936
Informational general/tcp
Synopsis :

The manufacturer can be deduced from the Ethernet OUI.

Description :

Each ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
These OUI are registered by IEEE.

See also :

http://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml

Risk factor :

None

Plugin output :

The following card manufacturers were identified :

00:0c:29:ab:0b:3b : VMware, Inc.

Nessus ID : 35716
Informational general/tcp Synopsis :

The remote host seems to be a VMware virtual machine.

Description :

According to the MAC address of its network adapter, the remote host
is a VMware virtual machine.

Since it is physically accessible through the network, ensure that its
configuration matches your organization's security policy.

Risk factor :

None
Nessus ID : 20094
Informational general/tcp Synopsis :

The remote service implements TCP timestamps.

Description :

The remote host implements TCP timestamps, as defined by RFC1323.
A side effect of this feature is that the uptime of the remote
host can sometimes be computed.

See also :

http://www.ietf.org/rfc/rfc1323.txt

Risk factor :

None
Nessus ID : 25220
Informational general/tcp 192.168.1.109 resolves as 192-168-1-109.tpgi.com.au.
Nessus ID : 12053
Informational sunrpc (111/tcp) Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 111 :

- program: 100000 (portmapper), version: 2

Nessus ID : 11111
Informational sunrpc (111/tcp) Synopsis :

An ONC RPC portmapper is running on the remote host.

Description :

The RPC portmapper is running on this port.

The portmapper allows someone to get the port number of each RPC
service running on the remote host by sending either multiple lookup
requests or a DUMP request.

Risk factor :

None
Nessus ID : 10223
Informational x11 (6000/tcp) Synopsis :

An X11 server is listening on the remote host

Description :

The remote host is running an X11 server. X11 is a client-server
protocol that can be used to display graphical applications running on
a given host on a remote client.

Since the X11 traffic is not ciphered, it is possible for an attacker
to eavesdrop on the connection.

Solution :

Restrict access to this port. If the X11 client/server facility is not
used, disable TCP entirely.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin output :

X11 Version : 11.0

Nessus ID : 10407
Warning ssh (22/tcp) Synopsis :

The remote service offers an insecure cryptographic protocol.

Description :

The remote SSH daemon supports connections made using the version 1.33
and/or 1.5 of the SSH protocol.

These protocols are not completely cryptographically safe so they
should not be used.

Solution :

Disable compatibility with version 1 of the protocol.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVE : CVE-2001-0361
BID : 2344
Other references : OSVDB:2116
Nessus ID : 10882
Informational ssh (22/tcp)
Synopsis :

Security patches are backported.

Description :

Security patches may have been 'back ported' to the remote SSH server
without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Solution :

Give Nessus credentials to perform local checks.

Risk factor :

None

Nessus ID : 39520
Informational ssh (22/tcp)
Synopsis :

An SSH server is running on the remote host.

Description :

This plugin determines the versions of the SSH protocol supported by
the remote SSH daemon.

Risk factor :

None

Plugin output :

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.33
- 1.5
- 1.99
- 2.0


SSHv1 host key fingerprint : 11:38:a9:16:4a:61:53:ad:45:f6:e3:8c:bd:a5:8f:e4
SSHv2 host key fingerprint : 8c:18:66:9d:6d:1b:3d:91:b4:46:2c:5b:13:85:3c:f1

Nessus ID : 10881
Informational ssh (22/tcp) Synopsis :

An SSH server is listening on this port.

Description :

It is possible to obtain information about the remote SSH
server by sending an empty authentication request.

Risk factor :

None

Plugin output :

SSH version : SSH-1.99-OpenSSH_3.9p1
SSH supported authentication : publickey,gssapi-with-mic,password

Nessus ID : 10267
Informational ssh (22/tcp) An SSH server is running on this port.
Nessus ID : 22964

This file was generated by Nessus, the security scanner.