Network Vulnerability Assessment Report
05.09.2006
Sorted by host names

Session name: ZyXEL-P-660HTW
Start Time: 05.09.2006 17:43:37
Finish Time: 05.09.2006 18:03:53
Elapsed: 0 day(s) 00:20:16
Total records generated: 20
High severity: 1
Medium severity: 1
Informational: 18


Summary of scanned hosts

Host        Holes  Warnings  Open ports  State
10.0.0.30   1      1         6           Finished


10.0.0.30

Service / Severity / Description
telnet (23/tcp)
Info
Port is open
www (80/tcp)
Info
Port is open
http-proxy (8080/tcp)
Info
Port is open
snmp (161/udp)
Info
Port is open
UPnP (1900/udp)
Info
Port is open
ftp (21/tcp)
Info
Port is open
snmp (161/udp)
High

Synopsis :

The community name of the remote SNMP server can be guessed.

Description :

It is possible to obtain the default community names of the remote
SNMP server.

An attacker may use this information to gain more knowledge about
the remote host, or to change the configuration of the remote
system (if the default community allows such modifications).

Solution :

Disable the SNMP service on the remote host if you do not use it,
filter incoming UDP packets going to this port, or change the
default community string.

Risk factor :

High

Plugin output :

The remote SNMP server replies to the following default community
strings :

public

CVE : CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
Other references : IAVA:2001-B-0001
telnet (23/tcp)
Medium

Synopsis :

A telnet server is listening on the remote port

Description :

The remote host is running a telnet server.
Using telnet is not recommended as logins, passwords and commands
are transferred in clear text.

An attacker may eavesdrop on a telnet session and obtain the
credentials of other users.

Solution :

Disable this service and use SSH instead

Risk factor :

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)

Plugin output:

Remote telnet banner:


Password:
snmp (161/udp)
Info

Synopsis :

The System Information of the remote host can be obtained via SNMP.

Description :

It is possible to obtain the system information about the remote
host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1.

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

Low

Plugin output :

System information :
sysDescr : Prestige 660HW-T1
sysObjectID : 1.3.6.1.4.1.890.1.2.6.58
sysUptime : 0d 0h 38m 33s
sysContact :
sysName : P660HW-T1
sysLocation :
sysServices : 14


general/tcp
Info
Nessus snmp scanner was able to retrieve the open port list with the community name public
general/tcp
Info
10.0.0.30 resolves as P660HW-T1.ixbt.lab.
telnet (23/tcp)
Info
A telnet server seems to be running on this port
ftp (21/tcp)
Info
An FTP server is running on this port.
Here is its banner :
220 P660HW-T1 FTP version 1.0 ready at Sat Jan 01 00:38:16 2000

www (80/tcp)
Info
An unknown service is running on this port.
It is usually reserved for HTTP
ftp (21/tcp)
Info

Synopsis :

An FTP server is listening on this port

Description :

It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.

Risk factor :

None

Plugin output :

The remote FTP banner is :
220 P660HW-T1 FTP version 1.0 ready at Sat Jan 01 00:38:30 2000


ftp (21/tcp)
Info

Synopsis :

An FTP server is listening on this port

Description :

It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.

Risk factor :

None

Plugin output :

The remote FTP banner is :
220 P660HW-T1 FTP version 1.0 ready at Sat Jan 01 00:38:16 2000

snmp (161/udp)
Info

Synopsis :

The list of network interface cards of the remote host can be obtained via
SNMP.

Description :

It is possible to obtain the list of the network interfaces installed
on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

Low

Plugin output :

Interface 1 information :
ifIndex : 1
ifDescr : enet0
ifPhysAddress : 001349a75abb

Interface 2 information :
ifIndex : 2
ifDescr : enet1
ifPhysAddress : 001349a75abb

Interface 3 information :
ifIndex : 3
ifDescr : enet-encap
ifPhysAddress :


www (80/tcp)
Info
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/Forms/rpAuth_1 (LoginPassword [1234] hiddenPassword [] Prestige_Login [Login] Cancel [Cancel] )

www (80/tcp)
Info
The remote web server type is :

RomPager/4.07 UPnP/1.0


www (80/tcp)
Info
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
711 trojan (Seven Eleven)
AckCmd
Back End
Back Orifice 2000 Plug-Ins
Cafeini
CGI Backdoor
Executor
God Message
God Message 4 Creator
Hooker
IISworm
MTX
NCX
Noob
Ramen
Reverse WWW Tunnel Backdoor
RingZero
RTB 666
Seeker
WAN Remote
Web Server CT
WebDownloader
Mydoom

Unless you know for sure what is behind it, you'd better
check your system

*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)

Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low