10.0.12.2

Repartition of the level of the security problems :

List of open ports :

• netbios-ns (137/udp) (Security warnings found)
• general/udp (Security notes found)
• snmp (161/udp) (Security warnings found)
• unknown (2049/tcp) (Security warnings found)
• unknown (733/udp) (Security hole found)
• unknown (1025/udp) (Security warnings found)
• unknown (2049/udp) (Security warnings found)
• ntalk (518/udp) (Security notes found)
• domain (53/tcp) (Security notes found)
• unknown (31337/tcp) (Security hole found)

Warning found on port netbios-ns (137/udp)

. The following 7 NetBIOS names have been gathered :
ZOY = This is the computer name registered for workstation services by a WINS client.
ZOY = Computer name that is registered for the messenger service on a computer that is a WINS client.
ZOY

__MSBROWSE__
WORKGROUP = Workgroup / Domain name
WORKGROUP
WORKGROUP

. This SMB server seems to be a SAMBA server (this is not a security
risk, this is for your information). This can be told because this server
claims to have a null MAC address

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium

Information found on port general/udp

For your information, here is the traceroute to 10.0.12.2 :
?

Warning found on port snmp (161/udp)

SNMP Agent port open, it is possible to execute
SNMP GET and SET, (with the proper community names)

Warning found on port unknown (2049/tcp)

Here is the export list of 10.0.12.2 :
/mnt/decss *,

CVE : CVE-1999-0554

Vulnerability found on port unknown (733/udp)

The statd RPC service is running.
This service has a long history of
security holes, so you should really
know what you are doing if you decide
to let it run.

* NO SECURITY HOLE REGARDING THIS
PROGRAM HAVE BEEN TESTED, SO
THIS MIGHT BE A FALSE POSITIVE *

We suggest you to disable this
service.


Risk factor : High
CVE : CVE-1999-0018

Warning found on port unknown (1025/udp)

The nlockmgr RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.

Risk factor : Low
CVE : CAN-2000-0508

Warning found on port unknown (2049/udp)

The nfsd RPC service is running.
There is a bug in older versions of
this service that allow an intruder to
execute arbitrary commands on your system.

Make sure that you have the latest version
of nfsd

Risk factor : High
CVE : CAN-1999-0832

Information found on port ntalk (518/udp)

talkd is running (talkd is the server that notifies a user
that someone else wants to initiate a conversation)

Malicious hackers may use it to abuse legitimate
users by conversing with them with a false identity
(social engineering).
In addition to this, crackers may use this service
to execute arbitrary code on your system.

Solution: Disable talkd access from the network by adding the
approriate rule on your firewall. If you do not
need talkd, comment out the relevant line in /etc/inetd.conf.

See aditional information regarding the dangers of keeping
this port open:
http://www.cert.org/advisories/CA-97.04.talkd.html

Risk factor : Medium
CVE : CVE-1999-0048

Information found on port ntalk (518/udp)

talkd protocol version: 1
CVE : CVE-1999-0048

Information found on port domain (53/tcp)

The remote bind version is : 8.2.2-P5-NOESW

Vulnerability found on port unknown (31337/tcp)

This host seems to be running a passwordless
BackOrifice 1.x on this port.

BackOrifice is trojan which allows an intruder to take
the control of the remote computer.

A cracker may use it to steal your passwords, modify
your data, and preventing you from working properly.

Solution : reinstall your system
Risk factor : High
CVE : CAN-1999-0660