Scan Results
11/01/2006

Report Summary
Company: Acme Corporation
User: John Doe
Template Title: Scan Results
Active Hosts: 5
Total Hosts: 5
Scan Type: On demand
Scan Status: Finished
Scan Date: 10/26/2006 at 09:22:54
Reference: scan/1161872577.30123  
Scanner Appliance: 216.254.105.154 (Scanner SacureShield 1.1.5)
Duration: 00:39:57
Default Option Profile: Yes
Scan Title: N/A
Asset Groups: Acme Public Net
Target: 192.168.1.1-192.168.1.3, 192.168.1.13, 192.168.1.15
Options: Deep
Filters: Vulnerability Checks: Disabled checks, Ignored checks

Summary of Vulnerabilities
Vulnerabilities Total 106
Average Security Risk  4.6
by Severity
Severity Confirmed Potential Information Gathered Total
    5 0 3 0 3
    4 1 2 0 3
    3 3 4 0 7
    2 11 0 7 18
    1 2 0 73 75
Total 17 9 80 106
5 Biggest Categories
Category Confirmed Potential Information Gathered Total
Information gathering 0 0 35 35
TCP/IP 4 0 27 31
Web server 5 1 10 16
General remote services 7 5 4 16
Hardware 0 3 0 3
Total 16 9 76 101
Vulnerabilities by Severity
Operating Systems Detected
Services Detected
Detailed Results
192.168.1.1 (-, -) Cisco IOS 11.3-12.4
1
ICMP Timestamp Request  
QID:82003
Category:TCP/IP
CVE ID:CVE-1999-0524
Vendor Reference:-
Bugtraq ID:-
Last Update:11/03/2005
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. It's principal purpose is to provide a protocol layer able to inform gateways of the inter-connectivity and accessibility of other gateways or hosts. "ping" is a well-known program for determining if a host is up or down. It uses ICMP echo packets. ICMP timestamp packets are used to synchronize clocks between hosts.
IMPACT:
Unauthorized users can obtain information about your network by sending ICMP timestamp packets. For example, the internal systems clock should not be disclosed since some internal daemons use this value to calculate ID or sequence numbers (i.e., on SunOS servers).
SOLUTION:
You can filter ICMP messages of type "Timestamp" and "Timestamp Reply" at the firewall level. Some system administrators choose to filter most types of ICMP messages for various reasons. For example, they may want to protect their internal hosts from ICMP-based Denial Of Service attacks, such as the Ping of Death or Smurf attacks.

However, you should never filter ALL ICMP messages, as some of them ("Don't Fragment", "Destination Unreachable", "Source Quench", etc) are necessary for proper behavior of Operating System TCP/IP stacks.

It may be wiser to contact your network consultants for advice, since this issue impacts your overall network reliability and security.

COMPLIANCE:
Not Applicable
RESULT:
Timestamp of host (network byte ordering): 14:22:59 GMT
Timestamp of host (host byte ordering): 00:27:24 GMT
As a reference, timestamp of the scanner is 22 minutes after the hour.
5
Multiple Vendor H.323 Protocol Implementation Vulnerabilities
port 1720/tcp
QID:38246
Category:General remote services
CVE ID:CVE-2004-0054
Vendor Reference:-
Bugtraq ID:9406
Last Update:11/09/2005
THREAT:
The H.323 protocol is used in various telephony and multimedia products in IP networks. It may be used in hardware products supporting multimedia conferencing as well as various operating systems.

The H.225 subcomponent of the H.323 protocol was found to have multiple vulnerabilities in various vendor implementations of the protocol. H.225 is most commonly used as a component of Voice over IP (VoIP).

IMPACT:
These vulnerabilities may be exploited to cause a range of consequences, from a denial of service to potential arbitrary code execution.
SOLUTION:
Fixes are available for these issues from some vendors, while others are still investigating whether their products are vulnerable.

Microsoft has patches and a description of the problem in Microsoft Security Bulletin MS04-001.

Cisco has issued information in this Cisco security advisory.

Nortel reported some vulnerable products.

  • Communications Manager (BCM) is potentially affected (all versions). See Product Advisory PAA 2003-0392-Global for information.

  • Succession 1000 IP Trunk and IP Peer Networking as well as 802.11 Wireless IP Gateway are potentially affected. See Product Advisory Alert No. PAA-2003-0465-Global for information.
COMPLIANCE:
Not Applicable
RESULT:
Detected service h323 and os CISCO IOS 11.3-12.4
2
Operating System Detected  
QID:45017
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:02/09/2005
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
Operating SystemTechniqueID
Cisco IOS 11.3-12.4TCP/IP FingerprintU1053:5060
1
ICMP Replies Received  
QID:82040
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:01/16/2003
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

COMPLIANCE:
Not Applicable
RESULT:
ICMP Reply TypeTriggered ByAdditional Information
Echo (type=0 code=0)Echo RequestEcho Reply
Time Stamp (type=14 code=0)Time Stamp Request00:27:24 GMT
1
DNS Host Name  
QID:6
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:-
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
COMPLIANCE:
Not Applicable
RESULT:
IP addressHost name
192.168.1.1No registered hostname
1
Traceroute  
QID:45006
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:05/09/2003
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
COMPLIANCE:
Not Applicable
RESULT:
HopsIPRound Trip TimeProbe
1167.216.252.10.53msICMP
2216.34.3.570.32msICMP
3208.173.55.490.98msICMP
4208.175.172.1702.72msICMP
5152.63.57.1022.76msICMP
6152.63.68.11777.15msICMP
7152.63.18.3077.34msICMP
8152.63.23.3780.73msICMP
963.111.120.10281.90msICMP
1066.155.218.181.77msICMP
1164.80.254.18282.25msTCP
1267.151.33.3687.27msTCP
13192.168.1.191.88msTCP
1
Target Network Information  
QID:45004
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/10/2003
THREAT:
This information was gathered using WHOIS service for the target network. Note that this is not all the information that WHOIS service provides.
IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
COMPLIANCE:
Not Applicable
RESULT:
The network handle is: NET-67-151-210-0-1
Network description:
SAVIENT PHARMACEUTICALS--12TH FLOOR-- PAET-NY-SAVIE-1
1
Internet Service Provider  
QID:45005
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/10/2003
THREAT:
This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
COMPLIANCE:
Not Applicable
RESULT:
The ISP network handle is: NET-67-151-33-0-1
ISP Network description:
PaeTec Communications PAET-NYC-NYC2BB-1
1
Host Scan Time  
QID:45038
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/18/2004
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
Scan duration: 867 seconds

Start time: Thu, Oct 26 2006, 14:22:57 GMT

End time: Thu, Oct 26 2006, 14:37:24 GMT
1
Open TCP Services List  
QID:82023
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:-
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.
IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
RESULT:
PortIANA Assigned Ports/ServicesDescriptionService DetectedOS On Redirected Port
1720netmeetingh323hostcall h323hostcallh323
5060sipSIPunknown
1
IP ID Values Randomness  
QID:82046
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:07/27/2006
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
IP ID changes observed (network order) for port 5060: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0
Duration: 300 milli seconds
1
Host Name Not Available  
QID:82056
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:10/07/2004
THREAT:
Attempts to obtain the fully-qualified domain name (FQDN) or the Netbios name failed for this host.
COMPLIANCE:
Not Applicable
RESULT:
No results available
1
Degree of Randomness of TCP Initial Sequence Numbers  
QID:82045
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/19/2004
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
Average change between subsequent TCP initial sequence numbers is 1153277808 with a standard
deviation of 711631541. These TCP initial sequence numbers were triggered by TCP SYN probes sent to
the host at an average rate of 1/(9999 microseconds). The degree of difficulty to exploit the TCP
initial sequence number generation scheme is: hard.
192.168.1.2 (-, -) Cisco IOS 11.3-12.4
1
ICMP Timestamp Request  
QID:82003
Category:TCP/IP
CVE ID:CVE-1999-0524
Vendor Reference:-
Bugtraq ID:-
Last Update:11/03/2005
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. It's principal purpose is to provide a protocol layer able to inform gateways of the inter-connectivity and accessibility of other gateways or hosts. "ping" is a well-known program for determining if a host is up or down. It uses ICMP echo packets. ICMP timestamp packets are used to synchronize clocks between hosts.
IMPACT:
Unauthorized users can obtain information about your network by sending ICMP timestamp packets. For example, the internal systems clock should not be disclosed since some internal daemons use this value to calculate ID or sequence numbers (i.e., on SunOS servers).
SOLUTION:
You can filter ICMP messages of type "Timestamp" and "Timestamp Reply" at the firewall level. Some system administrators choose to filter most types of ICMP messages for various reasons. For example, they may want to protect their internal hosts from ICMP-based Denial Of Service attacks, such as the Ping of Death or Smurf attacks.

However, you should never filter ALL ICMP messages, as some of them ("Don't Fragment", "Destination Unreachable", "Source Quench", etc) are necessary for proper behavior of Operating System TCP/IP stacks.

It may be wiser to contact your network consultants for advice, since this issue impacts your overall network reliability and security.

COMPLIANCE:
Not Applicable
RESULT:
Timestamp of host (network byte ordering): 14:22:59 GMT
5
Multiple Vendor H.323 Protocol Implementation Vulnerabilities
port 1720/tcp
QID:38246
Category:General remote services
CVE ID:CVE-2004-0054
Vendor Reference:-
Bugtraq ID:9406
Last Update:11/09/2005
THREAT:
The H.323 protocol is used in various telephony and multimedia products in IP networks. It may be used in hardware products supporting multimedia conferencing as well as various operating systems.

The H.225 subcomponent of the H.323 protocol was found to have multiple vulnerabilities in various vendor implementations of the protocol. H.225 is most commonly used as a component of Voice over IP (VoIP).

IMPACT:
These vulnerabilities may be exploited to cause a range of consequences, from a denial of service to potential arbitrary code execution.
SOLUTION:
Fixes are available for these issues from some vendors, while others are still investigating whether their products are vulnerable.

Microsoft has patches and a description of the problem in Microsoft Security Bulletin MS04-001.

Cisco has issued information in this Cisco security advisory.

Nortel reported some vulnerable products.

  • Communications Manager (BCM) is potentially affected (all versions). See Product Advisory PAA 2003-0392-Global for information.

  • Succession 1000 IP Trunk and IP Peer Networking as well as 802.11 Wireless IP Gateway are potentially affected. See Product Advisory Alert No. PAA-2003-0465-Global for information.
COMPLIANCE:
Not Applicable
RESULT:
Detected service h323 and os CISCO IOS 11.3-12.4
2
Operating System Detected  
QID:45017
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:02/09/2005
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
Operating SystemTechniqueID
Cisco IOS 11.3-12.4TCP/IP FingerprintU1053:1720
1
ICMP Replies Received  
QID:82040
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:01/16/2003
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

COMPLIANCE:
Not Applicable
RESULT:
ICMP Reply TypeTriggered ByAdditional Information
Echo (type=0 code=0)Echo RequestEcho Reply
Time Stamp (type=14 code=0)Time Stamp Request14:22:59 GMT
1
DNS Host Name  
QID:6
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:-
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
COMPLIANCE:
Not Applicable
RESULT:
IP addressHost name
192.168.1.2No registered hostname
1
Traceroute  
QID:45006
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:05/09/2003
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
COMPLIANCE:
Not Applicable
RESULT:
HopsIPRound Trip TimeProbe
1167.216.252.10.18msICMP
2216.34.3.570.29msICMP
3208.173.55.490.86msICMP
4208.175.172.1702.81msICMP
5152.63.57.1022.83msICMP
6152.63.68.11776.97msICMP
7152.63.18.3076.95msICMP
8152.63.22.253205.38msICMP
963.111.120.102214.12msICMP
1066.155.218.33206.46msICMP
1164.80.254.182201.24msICMP
1267.151.33.6193.98msICMP
13192.168.1.2222.88msTCP
1
Target Network Information  
QID:45004
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/10/2003
THREAT:
This information was gathered using WHOIS service for the target network. Note that this is not all the information that WHOIS service provides.
IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
COMPLIANCE:
Not Applicable
RESULT:
The network handle is: NET-67-151-210-0-1
Network description:
SAVIENT PHARMACEUTICALS--12TH FLOOR-- PAET-NY-SAVIE-1
1
Internet Service Provider  
QID:45005
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/10/2003
THREAT:
This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.
IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
COMPLIANCE:
Not Applicable
RESULT:
The ISP network handle is: NET-67-151-33-0-1
ISP Network description:
PaeTec Communications PAET-NYC-NYC2BB-1
1
Host Scan Time  
QID:45038
Category:Information gathering
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/18/2004
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
Scan duration: 1071 seconds

Start time: Thu, Oct 26 2006, 14:22:57 GMT

End time: Thu, Oct 26 2006, 14:40:48 GMT
1
Open TCP Services List  
QID:82023
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:-
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.
IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
RESULT:
PortIANA Assigned Ports/ServicesDescriptionService DetectedOS On Redirected Port
1720netmeetingh323hostcall h323hostcallh323
5060sipSIPunknown
1
IP ID Values Randomness  
QID:82046
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:07/27/2006
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
IP ID changes observed (network order) for port 1720: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0
Duration: 307 milli seconds
1
Degree of Randomness of TCP Initial Sequence Numbers  
QID:82045
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/19/2004
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
RESULT:
Average change between subsequent TCP initial sequence numbers is 929779753 with a standard
deviation of 587104608. These TCP initial sequence numbers were triggered by TCP SYN probes sent to
the host at an average rate of 1/(9999 microseconds). The degree of difficulty to exploit the TCP
initial sequence number generation scheme is: hard.
1
Host Name Not Available  
QID:82056
Category:TCP/IP
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:10/07/2004
THREAT:
Attempts to obtain the fully-qualified domain name (FQDN) or the Netbios name failed for this host.
COMPLIANCE:
Not Applicable
RESULT:
No results available
192.168.1.3 (-, -) Cisco IOS 11.3-12.4
2
NTP Information Disclosure Vulnerability
port 123/udp
QID:38293
Category:General remote services
CVE ID:-
Vendor Reference:-
Bugtraq ID:-
Last Update:11/09/2005
THREAT:
The NTP service running on the host allows queries of NTP variables.
IMPACT:
A remote user can obtain sensitive information about the host by querying various variables. The information obtained can aid in further attacks against the system.
SOLUTION:
Please reconfigure NTP to restrict remote access.
COMPLIANCE:
Not Applicable
RESULT:
cisco", leap=0, stratum=3, rootdelay=34.59,
rootdispersion=16.46, peer=3913, refid=18.72.0.3,
reftime=0xC8EB42D6.2CDE4C3A, poll=10, clock=0xC8EB435C.D5AEC57E,
phase=-3.687, freq=20.17, error=9.70
cisco", leap=0, stratum=3, rootdelay=34.59,
rootdispersion=16.46, peer=3913, refid=18.72.0.3,
reftime=0xC8EB42D6.2CDE4C3A, poll=10, clock=0xC8EB435C.FCCB6E5A,
phase=-3.687, freq=20.17, error=9.70


2
UDP Constant IP Identification Field Fingerprinting Vulnerability  
QID:82024
Category:TCP/IP
CVE ID:CVE-2002-0510
Vendor Reference:-
Bugtraq ID: