| Port Scan |
| Protocol |
Port |
Program |
Status |
Summary |
Turn Off |
| ALL |
|
Firewall |
Present |
Your computer appears to be behind a firewall. Using a properly configured firewall is a good security practice. |
|
| ICMP |
Ping |
|
Accepting |
Your computer is answering ping requests. Hackers use Ping to scan the Internet to see if computers will answer. If your computer answers then a hacker will know your computer exists and your computer could become a hacker target. You should install a firewall or turn off Ping requests. |
HowTo |
| TCP |
25 |
smtp |
Open |
Your computer is running SMTP (Simple Mail Transport Protocol). This can be a security risk since a hacker can verify user names when this service is running. If you do not need to run SMTP then turn it off. If you must run SMTP then be sure to run the latest version. |
HowTo |
| TCP |
80 |
http |
Open |
Your computer appears to be running http software that allows others to view its web pages. If you don't intend this computer to allow others to view its web pages then turn this service off. There are many potential security vulnerabilities in http software. |
HowTo |
| TCP |
110 |
pop-3 |
Open |
Some POP3 services are vulnerable to buffer overflows. Download latest version of your POP3 service from vendor. |
HowTo |
| Security Vulnerabilities |
| Protocol |
Port |
Program |
Risk |
Summary |
| TCP |
80 |
http |
7 |
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Risk Factor : High
|
| TCP |
80 |
http |
7 |
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk Factor : High
|
| TCP |
80 |
http |
7 |
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server, and choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk Factor : High
CVE : CAN-2002-0071
|
| TCP |
80 |
http |
4 |
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk Factor : Medium
|
| TCP |
80 |
http |
1 |
Asking the main page, a Content-Location header was added to the response.
By default, in Internet Information Server (IIS) 4.0,
the Content-Location references the IP address of the server
rather than the Fully Qualified Domain Name (FQDN) or Hostname.
This header may expose internal IP addresses that are usually hidden or masked
behind a Network Address Translation (NAT) Firewall or proxy server.
Solution: See http://support.microsoft.com/support/kb/articles/Q218/1/80.ASP
Risk Factor : Low
CVE : CAN-2000-0649
|
| TCP |
3389 |
unknown |
1 |
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Solution : Disable the Terminal Services if you do not use them
Risk Factor : Low
|
| UDP |
0 |
general/udp |
0 |
For your information, here is the traceroute to XX.XXX.XXX.XXX :
x.x.x.x
192.41.65.161
216.250.136.57
216.250.136.73
157.130.166.197
152.63.91.250
152.63.102.14
152.63.2.34
152.63.53.246
152.63.52.229
204.255.174.178
12.123.13.70
12.122.2.169
12.122.3.69
12.122.2.98
12.122.1.97
12.123.212.5
12.119.233.222
?
|
| TCP |
80 |
http |
0 |
A web server is running on this port
|
| TCP |
80 |
http |
0 |
Web server responds to bad URL with: HTTP/1.1 404 Object Not Found
|
| TCP |
80 |
http |
0 |
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
|
| TCP |
80 |
http |
0 |
The following directories were discovered:
/_vti_bin, /images, /intranet
The following directories require authentication:
/exchange, /printers, /public
|
| TCP |
80 |
http |
0 |
The address in Content-Location is: 10.0.0.2
CVE : CAN-2000-0649
|
| TCP |
110 |
pop3 |
0 |
A pop3 server is running on this port
|
| TCP |
110 |
pop3 |
0 |
The remote POP server banner is :
+OK Microsoft Exchange 2000 POP3 server version 6.0.6249.0 (server.someisp.net) ready.
|
| TCP |
25 |
smtp |
0 |
An SMTP server is running on this port
Here is its banner :
220 server.someisp.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 5 Feb 2003 15:08:19 -0600
|
| TCP |
25 |
smtp |
0 |
Remote SMTP server banner :
220 server.someisp.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 5 Feb 2003 15:09:53 -0600
|
| TCP |
25 |
smtp |
0 |
For some reason, we could not send the EICAR test string to this MTA
|
