not - 2006-3-13 23:31:00
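Someone kept pinging me today, so I scanned him, and it turned out he has quite a few vulnerabilities (he must be a newbie too). How can this vulnerability be exploited?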
=================================================================
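X-Scan Scan Report
------------------
Scan time
2006-3-13 02:07:59 PM - 2006-3-13 02:13:37 PM
Scan results
- Live hosts : 1
- Vulnerabilities : 4
- Warnings : 3
- Notes : 7
Host list
218.58.79.* (security vulnerabilities found)
. OS: Drcom B-RAS; PORT/TCP: 23, 25, 110
Details
+ 218.58.79.* :
. Open ports :
o telnet (23/tcp) (security note found)
o smtp (25/tcp) (security note found)
o pop3 (110/tcp) (security note found)
o snmp (161/udp) (security vulnerability found)
o SNMP (161/tcp) (security vulnerability found)
. Security note found on port "telnet (23/tcp)" :
The "TELNET" service may be running on this port.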
NESSUS_ID : 10330
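. Security note found on port "telnet (23/tcp)" :
The type and version of the server can be determined by connecting to it
and analysing the data received.
This gives a potential attacker additional information about the system to be attacked. If possible,
the version and type should be hidden.
Solution: change the login banner to something non-specific.
Risk factor : Low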
___________________________________________________________________
Remote telnet banner :
Welcome To Drcom Network OS
Username :
NESSUS_ID : 10281
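. Security note found on port "telnet (23/tcp)" :
Telnet currently transfers data unencrypted, so anyone can easily sniff the login username and password passing between the telnet client and the telnet server!
Solution: if you are running a Unix-type operating system, use OpenSSH in place of the telnet service.
Risk factor: Low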
___________________________________________________________________
The Telnet service is running.
This service is dangerous in the sense that it is not ciphered - that is,
everyone can sniff the data that passes between the telnet client
and the telnet server. This includes logins and passwords.
Solution:
If you are running a Unix-type system, OpenSSH can be used instead of telnet.
For Unix systems, you can comment out the 'telnet' line in /etc/inetd.conf.
For Unix systems which use xinetd, you will need to modify the telnet services
file in the /etc/xinetd.d folder. After making any changes to xinetd or
inetd configuration files, you must restart the service in order for the
changes to take effect.
In addition, many different router and switch manufacturers support SSH as a
telnet replacement. You should contact your vendor for a solution which uses
an encrypted session.
Risk factor : Low
CVE_ID : CAN-1999-0619
NESSUS_ID : 10280
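. Security note found on port "smtp (25/tcp)" :
The "smtp" service may be running on this port.
NESSUS_ID : 10330
. Security note found on port "pop3 (110/tcp)" :
The "pop3" service may be running on this port.
NESSUS_ID : 10330
. Security vulnerability found on port "snmp (161/udp)" :
SNMP community string: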
"public"
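. Security vulnerability found on port "snmp (161/udp)" :
The Simple Network Management Protocol (SNMP) is a
protocol for remotely managing computers and network devices.
There are two typical modes of remote monitoring.
They can be roughly divided into "read" and "write" (or PUBLIC and PRIVATE).
If an attacker can guess a PUBLIC community string,
he can read SNMP data from the remote device.
This information may include
the system time, IP addresses, interfaces, running processes, etc.
If an attacker guesses a PRIVATE community string
(write or "full control"),
he gains the ability to change information on the remote machine.
This would be a serious security hole,
allowing the attacker to disrupt the network, running processes, etc.
In effect, "full control" gives a remote attacker full administrative rights on the host.
Risk factor: High
For more information see: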
http://www.securiteam.com/exploits/Windows_NT_s_SNMP_service_vulnerability.html
___________________________________________________________________
SNMP Agent responded as expected with community name: public
CVE_ID : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516
BUGTRAQ_ID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
NESSUS_ID : 10264
Other references : IAVA:2001-B-0001
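. Security vulnerability found on port "snmp (161/udp)" :
This script attempts to obtain the remote private community string using the View-Based Access
Control MIB of the remote Cisco router.
An attacker can use this flaw to gain read/write SNMP access on this router.
More information :
http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml
Risk factor : High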
___________________________________________________________________
It was possible to obtain the list of SNMP communities of the
remote host via SNMP :
. DrcomBRAS:2033
An attacker may use this information to gain r/w access on the
remote router.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
See http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml
Risk factor : High
BUGTRAQ_ID : 2427
NESSUS_ID : 10688
. Security warning found on port "snmp (161/udp)" :
This Nessus script obtains the list of processes running on the remote system via SNMP.
Risk factor : Low
___________________________________________________________________
It was possible to obtain the list of processes of the
remote host via SNMP :
. DrcomBRAS:2033
. +?
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
NESSUS_ID : 10550
. Security warning found on port "snmp (161/udp)" :
This script obtains the list of network interfaces installed on the remote host via SNMP.
Risk factor : Low
___________________________________________________________________
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. Int Port
. Ext Port
. Msg Port
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
NESSUS_ID : 10551
. Security warning found on port "snmp (161/udp)" :
This script enumerates the list of Lanman services via SNMP.
Risk factor : Low
___________________________________________________________________
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
.
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
NESSUS_ID : 10547
. Security note found on port "snmp (161/udp)" :
sysDescr.0 = Drcom B-RAS
sysUpTime.0 = 134 Days, 10 Hours, 23 Minutes, 41 Seconds
sysContact.0 = Drcom,020-38732506/38732507
sysName.0 = DrcomBRAS:2033m
sysLocation.0 =
sysServices.0 = 3
[SNMP network interface information]:
ifNumber.0 = 3
[SNMP IP information]:
Address Net_Mask Bcast_Address
Reasm_Max_Size
[SNMP TCP information]:
State Local Remote
[SNMP UDP information]:
Address Port
[SNMP WINS user list]:
. Security note found on port "snmp (161/udp)" :
This Nessus script obtains the remote operating system type via SNMP.
Risk factor : Low
___________________________________________________________________
Using SNMP, we could determine that the remote operating system is :
Drcom B-RAS
NESSUS_ID : 10800
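. Security vulnerability found on port "SNMP (161/tcp)" :
This script uses SNMP to obtain the account name and password of the remote ADSL connection.
Risk factor: High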
___________________________________________________________________
Using SNMP, it was possible to determine the login/password pair of what
is likely to be the remote ADSL connection :
'DrcomBRAS:2033'/'DrcomBRAS:2033'
Solution : Filter incoming traffic to this port, and change your SNMP
community name to a secret one
Risk factor : High
BUGTRAQ_ID : 7212
NESSUS_ID : 11490
------------------------------------------------------
This report was generated by the network security vulnerability scanner "X-Scan".
==========================================================================