Lab 5 - Computer Science
The key to this assignment is to demonstrate your understanding of the topics, not to re-word the text or reference material. Must be 100\% original work. no plagiarism.
Please complete (Attached)
1. Lab #5 – A four-paragraph executive summary written to executive management providing asummary of findings, risk impact to the IT asset and organization, and recommendations for next
steps.
2. Lab #5 - Assessment Questions and Answers
Please use the 2 attached PDF Reports (Archived Vulnerability Scan Report and Nmap Scan Report) to complete the lab assignment
Your submissions should follow APA format for the Executive Summary
nmap -sS -sU -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.0/24
Starting Nmap 5.21 ( http://nmap.org ) at 2010-07-31 13:36 Eastern Daylight Time
NSE: Loaded 36 scripts for scanning.
Initiating ARP Ping Scan at 13:36
Scanning 67 hosts [1 port/host]
Completed ARP Ping Scan at 13:36, 1.22s elapsed (67 total hosts)
Initiating Parallel DNS resolution of 67 hosts. at 13:36
Completed Parallel DNS resolution of 67 hosts. at 13:36, 13.03s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:36
Completed Parallel DNS resolution of 1 host. at 13:36, 13.00s elapsed
Initiating SYN Stealth Scan at 13:36
Scanning 4 hosts [1000 ports/host]
Discovered open port 1025/tcp on 172.30.0.10
Discovered open port 1025/tcp on 172.30.0.66
Discovered open port 25/tcp on 172.30.0.66
Discovered open port 8080/tcp on 172.30.0.66
Discovered open port 139/tcp on 172.30.0.10
Discovered open port 21/tcp on 172.30.0.66
Discovered open port 554/tcp on 172.30.0.66
Discovered open port 139/tcp on 172.30.0.66
Discovered open port 53/tcp on 172.30.0.10
Discovered open port 135/tcp on 172.30.0.10
Discovered open port 53/tcp on 172.30.0.66
Discovered open port 135/tcp on 172.30.0.66
Discovered open port 445/tcp on 172.30.0.10
Discovered open port 445/tcp on 172.30.0.66
Discovered open port 80/tcp on 172.30.0.66
Discovered open port 9/tcp on 172.30.0.66
Discovered open port 19/tcp on 172.30.0.66
Discovered open port 3269/tcp on 172.30.0.10
Discovered open port 389/tcp on 172.30.0.10
Discovered open port 1026/tcp on 172.30.0.66
Discovered open port 1045/tcp on 172.30.0.66
Discovered open port 1037/tcp on 172.30.0.10
Discovered open port 1034/tcp on 172.30.0.66
Discovered open port 1027/tcp on 172.30.0.10
Discovered open port 1043/tcp on 172.30.0.66
Discovered open port 88/tcp on 172.30.0.10
Discovered open port 1029/tcp on 172.30.0.66
Discovered open port 17/tcp on 172.30.0.66
Discovered open port 1040/tcp on 172.30.0.10
Discovered open port 1801/tcp on 172.30.0.66
Discovered open port 8099/tcp on 172.30.0.66
Discovered open port 464/tcp on 172.30.0.10
Discovered open port 8089/tcp on 172.30.0.66
Discovered open port 119/tcp on 172.30.0.66
Discovered open port 1755/tcp on 172.30.0.66
Discovered open port 636/tcp on 172.30.0.10
Discovered open port 13/tcp on 172.30.0.66
Discovered open port 593/tcp on 172.30.0.10
Discovered open port 7/tcp on 172.30.0.66
Discovered open port 1039/tcp on 172.30.0.66
Discovered open port 2105/tcp on 172.30.0.66
Discovered open port 2107/tcp on 172.30.0.66
Discovered open port 563/tcp on 172.30.0.66
Discovered open port 42/tcp on 172.30.0.66
Discovered open port 1035/tcp on 172.30.0.66
Discovered open port 1048/tcp on 172.30.0.10
Discovered open port 8000/tcp on 172.30.0.66
Discovered open port 1032/tcp on 172.30.0.66
Discovered open port 3268/tcp on 172.30.0.10
Discovered open port 2103/tcp on 172.30.0.66
Completed SYN Stealth Scan against 172.30.0.66 in 0.42s (3 hosts left)
Discovered open port 3389/tcp on 172.30.0.49
Discovered open port 22/tcp on 172.30.0.1
Discovered open port 443/tcp on 172.30.0.1
Completed SYN Stealth Scan against 172.30.0.10 in 1.49s (2 hosts left)
Discovered open port 912/tcp on 172.30.0.49
Completed SYN Stealth Scan against 172.30.0.1 in 7.89s (1 host left)
Completed SYN Stealth Scan at 13:37, 7.98s elapsed (4000 total ports)
Initiating UDP Scan at 13:37
Scanning 4 hosts [1000 ports/host]
Discovered open port 1036/udp on 172.30.0.10
Discovered open port 19/udp on 172.30.0.66
Discovered open port 17/udp on 172.30.0.66
Discovered open port 53/udp on 172.30.0.66
Discovered open port 137/udp on 172.30.0.10
Discovered open port 7/udp on 172.30.0.66
Discovered open port 137/udp on 172.30.0.66
Discovered open port 123/udp on 172.30.0.10
Discovered open port 13/udp on 172.30.0.66
Completed UDP Scan against 172.30.0.10 in 3.84s (3 hosts left)
Completed UDP Scan against 172.30.0.66 in 3.88s (2 hosts left)
Completed UDP Scan against 172.30.0.1 in 5.76s (1 host left)
Completed UDP Scan at 13:37, 5.76s elapsed (4000 total ports)
Initiating Service scan at 13:37
Scanning 2095 services on 4 hosts
Service scan Timing: About 2.00\% done; ETC: 14:04 (0:26:53 remaining)
Service scan Timing: About 2.82\% done; ETC: 14:23 (0:44:52 remaining)
Service scan Timing: About 3.29\% done; ETC: 14:33 (0:54:19 remaining)
Service scan Timing: About 4.25\% done; ETC: 14:38 (0:58:36 remaining)
Service scan Timing: About 4.73\% done; ETC: 14:43 (1:03:10 remaining)
Service scan Timing: About 6.16\% done; ETC: 14:49 (1:07:34 remaining)
Service scan Timing: About 10.45\% done; ETC: 14:56 (1:11:15 remaining)
Service scan Timing: About 17.09\% done; ETC: 14:58 (1:07:12 remaining)
Service scan Timing: About 25.68\% done; ETC: 15:01 (1:02:31 remaining)
Service scan Timing: About 32.84\% done; ETC: 15:02 (0:57:24 remaining)
Service scan Timing: About 38.57\% done; ETC: 15:03 (0:52:56 remaining)
Service scan Timing: About 44.30\% done; ETC: 15:03 (0:48:19 remaining)
Discovered open port 53/udp on 172.30.0.10
Discovered open|filtered port 53/udp on 172.30.0.10 is actually open
Discovered open port 88/udp on 172.30.0.10
Discovered open|filtered port 88/udp on 172.30.0.10 is actually open
Service scan Timing: About 50.12\% done; ETC: 15:04 (0:43:23 remaining)
Service scan Timing: About 55.85\% done; ETC: 15:04 (0:38:33 remaining)
Service scan Timing: About 61.58\% done; ETC: 15:04 (0:33:39 remaining)
Service scan Timing: About 67.30\% done; ETC: 15:04 (0:28:42 remaining)
Service scan Timing: About 72.55\% done; ETC: 15:05 (0:24:16 remaining)
Service scan Timing: About 77.61\% done; ETC: 15:05 (0:19:49 remaining)
Service scan Timing: About 83.05\% done; ETC: 15:05 (0:14:57 remaining)
Service scan Timing: About 88.31\% done; ETC: 15:05 (0:10:23 remaining)
Service scan Timing: About 93.37\% done; ETC: 15:05 (0:05:54 remaining)
Discovered open port 1028/udp on 172.30.0.66
Discovered open|filtered port 1028/udp on 172.30.0.66 is actually open
Service scan Timing: About 98.38\% done; ETC: 15:06 (0:01:27 remaining)
Completed Service scan at 15:05, 5325.07s elapsed (2095 services on 4 hosts)
Initiating OS detection (try #1) against 4 hosts
Retrying OS detection (try #2) against 172.30.0.1
NSE: Script scanning 4 hosts.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:06
Discovered open port 67/udp on 172.30.0.49
Discovered open port 67/udp on 172.30.0.10
Completed NSE at 15:06, 42.92s elapsed
NSE: Script Scanning completed.
Nmap scan report for 172.30.0.1
Host is up (0.00059s latency).
Not shown: 1000 open|filtered ports, 998 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 2.0)
|_ssh-hostkey: 2048 74:04:7c:78:d8:6b:6d:f9:e8:5f:51:73:88:5e:fa:f1 (RSA)
443/tcp open ssl/http Cisco Adaptive Security Appliance http config
|_html-title: Authorization Required
| http-auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = Authentication
MAC Address: C8:4C:75:56:DE:A6 (Unknown)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch
Running (JUST GUESSING) : Cisco embedded (89\%)
Aggressive OS guesses: Cisco Catalyst 1900 Switch, Software v9.00.03 (89\%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Randomized
Service Info: OS: IOS; Device: security-misc
HOP RTT ADDRESS
1 0.59 ms 172.30.0.1
Nmap scan report for 172.30.0.10
Host is up (0.00027s latency).
Not shown: 1969 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain?
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1037/tcp open msrpc Microsoft Windows RPC
1040/tcp open msrpc Microsoft Windows RPC
1048/tcp open msrpc Microsoft Windows RPC
3268/tcp open ldap
3269/tcp open tcpwrapped
53/udp open domain
|_dns-recursion: Recursion appears to be enabled
67/udp open dhcps?
| dhcp-discover:
| IP Offered: 172.30.0.67
| DHCP Message Type: DHCPOFFER
| Subnet Mask: 255.255.255.0
| Renewal Time Value: 0 days, 0:00:00
| Rebinding Time Value: 0 days, 0:00:00
| IP Address Lease Time: 0 days, 0:00:01
| Server Identifier: 172.30.0.10
| Router: 172.30.0.1
| Domain Name Server: 172.30.0.10
| Domain Name: vlabs.local
| NetBIOS Name Server: 172.30.0.10
|_ NetBIOS Node Type: 8
68/udp open|filtered dhcpc
88/udp open kerberos Windows 2003 Kerberos (server time: 20100731182038Z)
123/udp open ntp NTP v3
| ntp-info:
|_ receive time stamp: 07/31/10 15:06:16
137/udp open netbios-ns Microsoft Windows NT netbios-ssn (workgroup: VLABS)
138/udp open|filtered netbios-dgm
389/udp open|filtered ldap
445/udp open|filtered microsoft-ds
464/udp open|filtered kpasswd5
500/udp open|filtered isakmp
1029/udp open|filtered unknown
1036/udp open unknown
1042/udp open|filtered unknown
4500/udp open|filtered nat-t-ike
1 service unrecognized despite returning data. If you know the service/version, please submit the
following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port1036-UDP:V=5.21\%I=7\%D=7/31\%Time=4C545F5A\%P=i686-pc-windows-windows\%
SF:r(NBTStat,32,\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAA
SF:AAAAAAAAAAAAA\0\0!\0\x01)\%r(xdmcp,7,\0\x01\x80\x01\0\x01\0)\%r(DNS-SD
SF:,2E,\0\0\x80\x82\0\x01\0\0\0\0\0\0\t_services\x07_dns-sd\x04_udp\x05lo
SF:cal\0\0\x0c\0\x01);
MAC Address: 00:0C:29:D8:9D:DC (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: WINDOWS01; OS: Windows
Host script results:
| smb-os-discovery:
| OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
| Name: VLABS\WINDOWS01
|_ System time: 2010-07-31 15:06:09 UTC-4
|_smbv2-enabled: Server doesnt support SMBv2 protocol
| nbstat:
| NetBIOS name: WINDOWS01, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:d8:9d:dc
| Names
| WINDOWS01<00> Flags: <unique><active>
| VLABS<00> Flags: <group><active>
| VLABS<1c> Flags: <group><active>
| WINDOWS01<20> Flags: <unique><active>
| VLABS<1b> Flags: <unique><active>
| VLABS<1e> Flags: <group><active>
| VLABS<1d> Flags: <unique><active>
|_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
HOP RTT ADDRESS
1 0.27 ms 172.30.0.10
Nmap scan report for 172.30.0.49
Host is up (0.00040s latency).
Not shown: 999 open|filtered ports, 997 filtered ports
PORT STATE SERVICE VERSION
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
2869/tcp closed unknown
3389/tcp open microsoft-rdp Microsoft Terminal Service
67/udp open dhcps?
| dhcp-discover:
| IP Offered: 172.30.0.67
| DHCP Message Type: DHCPOFFER
| Subnet Mask: 255.255.255.0
| Renewal Time Value: 0 days, 0:00:00
| Rebinding Time Value: 0 days, 0:00:00
| IP Address Lease Time: 0 days, 0:00:01
| Server Identifier: 172.30.0.10
| Router: 172.30.0.1
| Domain Name Server: 172.30.0.10
| Domain Name: vlabs.local
| NetBIOS Name Server: 172.30.0.10
|_ NetBIOS Node Type: 8
MAC Address: 00:1F:29:D6:E7:0C (Hewlett Packard)
Device type: general purpose
Running: Microsoft Windows 2000|XP
OS details: Microsoft Windows 2000 Server SP3 or SP4, Microsoft Windows XP Professional SP2,
Microsoft Windows XP SP2 or SP3, or Windows Server 2003, Microsoft Windows XP SP3
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows
HOP RTT ADDRESS
1 0.40 ms 172.30.0.49
Nmap scan report for 172.30.0.66
Host is up (0.00027s latency).
Not shown: 1940 closed ports
PORT STATE SERVICE VERSION
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Microsoft Windows USA daytime
17/tcp open qotd Windows qotd
19/tcp open chargen
21/tcp open ftp FileZilla ftpd
25/tcp open smtp Microsoft ESMTP 6.0.3790.1830
42/tcp open wins Microsoft Windows Wins
53/tcp open domain?
80/tcp open http Microsoft IIS webserver 6.0
|_html-title: Under Construction
119/tcp open nntp Microsoft NNTP Service 6.0.3790.1830 (posting ok)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
554/tcp open rtsp Microsoft Windows Media Server 9.1.1.3814
563/tcp open snews?
1025/tcp open msrpc Microsoft Windows RPC
1026/tcp open msrpc Microsoft Windows RPC
1029/tcp open msrpc Microsoft Windows RPC
1032/tcp open msrpc Microsoft Windows RPC
1034/tcp open msrpc Microsoft Windows RPC
1035/tcp open msrpc Microsoft Windows RPC
1039/tcp open msrpc Microsoft Windows RPC
1043/tcp open msrpc Microsoft Windows RPC
1045/tcp open msrpc Microsoft Windows RPC
1755/tcp open wms?
1801/tcp open unknown
2103/tcp open msrpc Microsoft Windows RPC
2105/tcp open msrpc Microsoft Windows RPC
2107/tcp open msrpc Microsoft Windows RPC
8000/tcp open http CherryPy httpd 3.1.2
| html-title: Site doesnt have a title (text/html;charset=utf-8).
|_Requested resource was http://172.30.0.66:8000/en-US/
8080/tcp open http Microsoft IIS webserver 6.0
| http-auth: HTTP Service requires authentication
| Auth type: Negotiate
|_ Auth type: NTLM
|_html-title: You are not authorized to view this page
8089/tcp open ssl/http Splunkd httpd
|_sslv2: server still supports SSLv2
|_html-title: Site doesnt have a title (text/html; charset=utf-8).
8099/tcp open http Microsoft IIS webserver 6.0
|_html-title: The page must be viewed over a secure channel
7/udp open echo
9/udp open|filtered discard
13/udp open daytime Windows small service daytime
17/udp open qotd Windows qotd
19/udp open chargen SunOS chargen
42/udp open|filtered nameserver
53/udp open domain?
|_dns-recursion: Recursion appears to be enabled
67/udp open|filtered dhcps
69/udp open|filtered tftp
123/udp open|filtered ntp
137/udp open netbios-ns Microsoft Windows netbios-ssn (workgroup: WORKGROUP)
138/udp open|filtered netbios-dgm
161/udp open|filtered snmp
445/udp open|filtered microsoft-ds
500/udp open|filtered isakmp
514/udp open|filtered syslog
1028/udp open domain Zoom X5 ADSL modem DNS
1033/udp open|filtered unknown
1036/udp open|filtered unknown
1038/udp open|filtered unknown
1645/udp open|filtered radius
1646/udp open|filtered radacct
1812/udp open|filtered radius
1813/udp open|filtered radacct
3456/udp open|filtered IISrpc-or-vat
4500/udp open|filtered nat-t-ike
1 service unrecognized despite returning data. If you know the service/version, please submit the
following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port53-UDP:V=5.21\%I=7\%D=7/31\%Time=4C545F60\%P=i686-pc-windows-windows\%r(
SF:NBTStat,32,\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAA
SF:AAAAAAAAAAA\0\0!\0\x01)\%r(SNMPv3GetRequest,3C,0:\x82\x01\x030\x0f\x02
SF:\x02Ji\x02\x03\0\xff\xe3\x04\x01\x04\x02\x01\x03\x04\x100\x0e\x04\0\x02
SF:\x01\0\x02\x01\0\x04\0\x04\0\x04\x000\x12\x04\0\x04\0\xa0\x0c\x02\x027\
SF:xf0\x02\x01\0\x02\x01\x000\0)\%r(DNS-SD,2E,\0\0\x80\x82\0\x01\0\0\0\0\
SF:0\0\t_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01);
MAC Address: 00:0C:29:D6:61:16 (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: TargetWindows01; OSs: Windows, SunOS; Device: broadband router
Host script results:
| nbstat:
| NetBIOS name: TARGETWINDOWS01, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:d6:61:16
| Names
| TARGETWINDOWS01<00> Flags: <unique><active>
| WORKGROUP<00> Flags: <group><active>
| TARGETWINDOWS01<20> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
|_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
|_smbv2-enabled: Server doesnt support SMBv2 protocol
| smb-os-discovery:
| OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
| Name: WORKGROUP\TARGETWINDOWS01
|_ System time: 2010-07-31 15:06:10 UTC-4
HOP RTT ADDRESS
1 0.27 ms 172.30.0.66
Initiating ARP Ping Scan at 15:06
Scanning 188 hosts [1 port/host]
Completed ARP Ping Scan at 15:06, 6.56s elapsed (188 total hosts)
Skipping SYN Stealth Scan against 172.30.0.67 because Windows does not support scanning your own
machine (localhost) this way.
Skipping UDP Scan against 172.30.0.67 because Windows does not support scanning your own machine
(localhost) this way.
Initiating Service scan at 15:06
Skipping OS Scan against 172.30.0.67 because it doesnt work against your own machine (localhost)
NSE: Script scanning 172.30.0.67.
NSE: Script Scanning completed.
Nmap scan report for 172.30.0.67
Host is up.
PORT STATE SERVICE VERSION
1/tcp unknown tcpmux
3/tcp unknown compressnet
4/tcp unknown unknown
6/tcp unknown unknown
7/tcp unknown echo
9/tcp unknown discard
13/tcp unknown daytime
17/tcp unknown qotd
19/tcp unknown chargen
20/tcp unknown ftp-data
21/tcp unknown ftp
22/tcp unknown ssh
23/tcp unknown telnet
24/tcp unknown priv-mail
25/tcp unknown smtp
26/tcp unknown rsftp
30/tcp unknown unknown
32/tcp unknown unknown
33/tcp unknown dsp
37/tcp unknown time
42/tcp unknown nameserver
43/tcp unknown whois
49/tcp unknown tacacs
53/tcp unknown domain
70/tcp unknown gopher
79/tcp unknown finger
80/tcp unknown http
81/tcp unknown hosts2-ns
82/tcp unknown xfer
83/tcp unknown mit-ml-dev
84/tcp unknown ctf
85/tcp unknown mit-ml-dev
88/tcp unknown kerberos-sec
89/tcp unknown su-mit-tg
90/tcp unknown dnsix
99/tcp unknown metagram
100/tcp unknown newacct
106/tcp unknown pop3pw
109/tcp unknown pop2
110/tcp unknown pop3
111/tcp unknown rpcbind
113/tcp unknown auth
119/tcp unknown nntp
125/tcp unknown locus-map
135/tcp unknown msrpc
139/tcp unknown netbios-ssn
143/tcp unknown imap
144/tcp unknown news
146/tcp unknown iso-tp0
161/tcp unknown snmp
163/tcp unknown cmip-man
179/tcp unknown bgp
199/tcp unknown smux
211/tcp unknown 914c-g
212/tcp unknown anet
222/tcp unknown rsh-spx
254/tcp unknown unknown
255/tcp unknown unknown
256/tcp unknown fw1-secureremote
259/tcp unknown esro-gen
264/tcp unknown bgmp
280/tcp unknown http-mgmt
301/tcp unknown unknown
306/tcp unknown unknown
311/tcp unknown asip-webadmin
340/tcp unknown unknown
366/tcp unknown odmr
389/tcp unknown ldap
406/tcp unknown imsp
407/tcp unknown timbuktu
416/tcp unknown silverplatter
417/tcp unknown onmux
425/tcp unknown icad-el
427/tcp unknown svrloc
443/tcp unknown https
444/tcp unknown snpp
445/tcp unknown microsoft-ds
458/tcp unknown appleqtc
464/tcp unknown kpasswd5
465/tcp unknown smtps
481/tcp unknown dvs
497/tcp unknown retrospect
500/tcp unknown isakmp
512/tcp unknown exec
513/tcp unknown login
514/tcp unknown shell
515/tcp unknown printer
524/tcp unknown ncp
541/tcp unknown uucp-rlogin
543/tcp unknown klogin
544/tcp unknown kshell
545/tcp unknown ekshell
548/tcp unknown afp
554/tcp unknown rtsp
555/tcp unknown dsf
563/tcp unknown snews
587/tcp unknown submission
593/tcp unknown http-rpc-epmap
616/tcp unknown unknown
617/tcp unknown sco-dtmgr
625/tcp unknown apple-xsrvr-admin
631/tcp unknown ipp
636/tcp unknown ldapssl
646/tcp unknown ldp
648/tcp unknown unknown
666/tcp unknown doom
667/tcp unknown unknown
668/tcp unknown unknown
683/tcp unknown corba-iiop
687/tcp unknown unknown
691/tcp unknown resvc
700/tcp unknown unknown
705/tcp unknown unknown
711/tcp unknown unknown
714/tcp unknown unknown
720/tcp unknown unknown
722/tcp unknown unknown
726/tcp unknown unknown
749/tcp unknown kerberos-adm
765/tcp unknown webster
777/tcp unknown unknown
783/tcp unknown spamassassin
787/tcp unknown qsc
800/tcp unknown mdbs_daemon
801/tcp unknown device
808/tcp unknown ccproxy-http
843/tcp unknown unknown
873/tcp unknown rsync
880/tcp unknown unknown
888/tcp unknown accessbuilder
898/tcp unknown sun-manageconsole
900/tcp unknown unknown
901/tcp unknown samba-swat
902/tcp unknown iss-realsecure
903/tcp unknown iss-console-mgr
911/tcp unknown unknown
912/tcp unknown unknown
981/tcp unknown unknown
987/tcp unknown unknown
990/tcp unknown ftps
992/tcp unknown telnets
993/tcp unknown imaps
995/tcp unknown pop3s
999/tcp unknown garcon
1000/tcp unknown cadlock
1001/tcp unknown unknown
1002/tcp unknown windows-icfw
1007/tcp unknown unknown
1009/tcp unknown unknown
1010/tcp unknown unknown
1011/tcp unknown unknown
1021/tcp unknown unknown
1022/tcp unknown unknown
1023/tcp unknown netvenuechat
1024/tcp unknown kdm
1025/tcp unknown NFS-or-IIS
1026/tcp unknown LSA-or-nterm
1027/tcp unknown IIS
1028/tcp unknown unknown
1029/tcp unknown ms-lsa
1030/tcp unknown iad1
1031/tcp unknown iad2
1032/tcp unknown iad3
1033/tcp unknown netinfo
1034/tcp unknown zincite-a
1035/tcp unknown multidropper
1036/tcp unknown unknown
1037/tcp unknown unknown
1038/tcp unknown unknown
1039/tcp unknown unknown
1040/tcp unknown netsaint
1041/tcp unknown unknown
1042/tcp unknown unknown
1043/tcp unknown boinc
1044/tcp unknown unknown
1045/tcp unknown unknown
1046/tcp unknown unknown
1047/tcp unknown unknown
1048/tcp unknown unknown
1049/tcp unknown unknown
1050/tcp unknown java-or-OTGfileshare
1051/tcp unknown optima-vnet
1052/tcp unknown ddt
1053/tcp unknown unknown
1054/tcp unknown unknown
1055/tcp unknown ansyslmd
1056/tcp unknown unknown
1057/tcp unknown unknown
1058/tcp unknown nim
1059/tcp unknown nimreg
1060/tcp unknown polestar
1061/tcp unknown unknown
1062/tcp unknown veracity
1063/tcp unknown unknown
1064/tcp unknown unknown
1065/tcp unknown unknown
1066/tcp unknown fpo-fns
1067/tcp unknown instl_boots
1068/tcp unknown instl_bootc
1069/tcp unknown cognex-insight
1070/tcp unknown unknown
1071/tcp unknown unknown
1072/tcp unknown unknown
1073/tcp unknown unknown
1074/tcp unknown unknown
1075/tcp unknown unknown
1076/tcp unknown sns_credit
1077/tcp unknown unknown
1078/tcp unknown unknown
1079/tcp unknown unknown
1080/tcp unknown socks
1081/tcp unknown unknown
1082/tcp unknown unknown
1083/tcp unknown ansoft-lm-1
1084/tcp unknown ansoft-lm-2
1085/tcp unknown unknown
1086/tcp unknown unknown
1087/tcp unknown unknown
1088/tcp unknown unknown
1089/tcp unknown unknown
1090/tcp unknown unknown
1091/tcp unknown unknown
1092/tcp unknown unknown
1093/tcp unknown unknown
1094/tcp unknown unknown
1095/tcp unknown unknown
1096/tcp unknown unknown
1097/tcp unknown unknown
1098/tcp unknown unknown
1099/tcp unknown unknown
1100/tcp unknown unknown
1102/tcp unknown unknown
1104/tcp unknown unknown
1105/tcp unknown unknown
1106/tcp unknown unknown
1107/tcp unknown unknown
1108/tcp unknown unknown
1110/tcp unknown nfsd-status
1111/tcp unknown unknown
1112/tcp unknown msql
1113/tcp unknown unknown
1114/tcp unknown unknown
1117/tcp unknown unknown
1119/tcp unknown unknown
1121/tcp unknown unknown
1122/tcp unknown unknown
1123/tcp unknown unknown
1124/tcp unknown unknown
1126/tcp unknown unknown
1130/tcp unknown unknown
1131/tcp unknown unknown
1132/tcp unknown unknown
1137/tcp unknown unknown
1138/tcp unknown unknown
1141/tcp unknown unknown
1145/tcp unknown unknown
1147/tcp unknown unknown
1148/tcp unknown unknown
1149/tcp unknown unknown
1151/tcp unknown unknown
1152/tcp unknown unknown
1154/tcp unknown unknown
1163/tcp unknown unknown
1164/tcp unknown unknown
1165/tcp unknown unknown
1166/tcp unknown unknown
1169/tcp unknown unknown
1174/tcp unknown unknown
1175/tcp unknown unknown
1183/tcp unknown unknown
1185/tcp unknown unknown
1186/tcp unknown unknown
1187/tcp unknown unknown
1192/tcp unknown unknown
1198/tcp unknown unknown
1199/tcp unknown unknown
1201/tcp unknown unknown
1213/tcp unknown unknown
1216/tcp unknown unknown
1217/tcp unknown unknown
1218/tcp unknown aeroflight-ads
1233/tcp unknown unknown
1234/tcp unknown hotline
1236/tcp unknown unknown
1244/tcp unknown unknown
1247/tcp unknown unknown
1248/tcp unknown hermes
1259/tcp unknown unknown
1271/tcp unknown unknown
1272/tcp unknown unknown
1277/tcp unknown unknown
1287/tcp unknown unknown
1296/tcp unknown unknown
1300/tcp unknown unknown
1301/tcp unknown unknown
1309/tcp unknown unknown
1310/tcp unknown unknown
1311/tcp unknown rxmon
1322/tcp unknown unknown
1328/tcp unknown unknown
1334/tcp unknown unknown
1352/tcp unknown lotusnotes
1417/tcp unknown timbuktu-srv1
1433/tcp unknown ms-sql-s
1434/tcp unknown ms-sql-m
1443/tcp unknown ies-lm
1455/tcp unknown esl-lm
1461/tcp unknown ibm_wrless_lan
1494/tcp unknown citrix-ica
1500/tcp unknown vlsi-lm
1501/tcp unknown sas-3
1503/tcp unknown imtc-mcs
1521/tcp unknown oracle
1524/tcp unknown ingreslock
1533/tcp unknown virtual-places
1556/tcp unknown unknown
1580/tcp unknown unknown
1583/tcp unknown unknown
1594/tcp unknown unknown
1600/tcp unknown issd
1641/tcp unknown unknown
1658/tcp unknown unknown
1666/tcp unknown netview-aix-6
1687/tcp unknown unknown
1688/tcp unknown unknown
1700/tcp unknown mps-raft
1717/tcp unknown fj-hdnet
1718/tcp unknown unknown
1719/tcp unknown unknown
1720/tcp unknown H.323/Q.931
1721/tcp unknown unknown
1723/tcp unknown pptp
1755/tcp unknown wms
1761/tcp unknown landesk-rc
1782/tcp unknown hp-hcip
1783/tcp unknown unknown
1801/tcp unknown unknown
1805/tcp unknown unknown
1812/tcp unknown unknown
1839/tcp unknown unknown
1840/tcp unknown unknown
1862/tcp unknown unknown
1863/tcp unknown msnp
1864/tcp unknown paradym-31
1875/tcp unknown unknown
1900/tcp unknown upnp
1914/tcp unknown unknown
1935/tcp unknown rtmp
1947/tcp unknown unknown
1971/tcp unknown unknown
1972/tcp unknown unknown
1974/tcp unknown unknown
1984/tcp unknown bigbrother
1998/tcp unknown x25-svc-port
1999/tcp unknown tcp-id-port
2000/tcp unknown cisco-sccp
2001/tcp unknown dc
2002/tcp unknown globe
2003/tcp unknown finger
2004/tcp unknown mailbox
2005/tcp unknown deslogin
2006/tcp unknown invokator
2007/tcp unknown dectalk
2008/tcp unknown conf
2009/tcp unknown news
2010/tcp unknown search
2013/tcp unknown raid-am
2020/tcp unknown xinupageserver
2021/tcp unknown servexec
2022/tcp unknown down
2030/tcp unknown device2
2033/tcp unknown glogger
…
List of hosts
172.16.20.1 Low Severity problem(s) found
172.17.20.1 High Severity problem(s) found
172.18.20.1 High Severity problem(s) found
172.19.20.1 Low Severity problem(s) found
172.20.20.1 High Severity problem(s) found
172.30.0.10 High Severity problem(s) found
172.30.0.66 High Severity problem(s) found
[^] Back
172.16.20.1
Scan Time
Start time : Thu Aug 05 11:34:38 2010
End time : Thu Aug 05 11:36:50 2010
Number of vulnerabilities
Open ports : 2
High : 0
Medium : 0
Low : 2
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 172.16.20.1
Port general (0/icmp) [-/+]
ICMP Timestamp Request Remote Date Disclosure
Synopsis:
It is possible to determine the exact time set on the remote host.
Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Plugin output:
This host returns non-standard timestamps (high bit is set)
Plugin ID:
10114
Page 1 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
CVE:
CVE-1999-0524
Other references:
OSVDB:94
Nessus Scan Information
Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 132 sec
Plugin ID:
19506
[^] Back to 172.16.20.1
[^] Back
172.17.20.1
Scan Time
Start time : Thu Aug 05 11:34:38 2010
End time : Thu Aug 05 11:37:36 2010
Number of vulnerabilities
Open ports : 5
High : 1
Medium : 0
Low : 8
Remote host information
Operating System : KYOCERA Printer
NetBIOS name :
DNS name :
[^] Back to 172.17.20.1
Port general (0/icmp) [-/+]
ICMP Timestamp Request Remote Date Disclosure
Synopsis:
It is possible to determine the exact time set on the remote host.
Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.
Risk factor:
None
Solution:
Page 2 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Plugin output:
This host returns non-standard timestamps (high bit is set)
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94
OS Identification
Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints
could give a match - please email the following to [email protected] : NTP:!:UNIX SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer
Plugin ID:
11936
Nessus Scan Information
Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 178 sec
Plugin ID:
19506
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.17.20.1 : 172.30.0.67 172.20.20.1
172.20.0.2 172.17.20.1
Plugin ID:
10287
Port ntp (123/udp) [-/+]
Network Time Protocol (NTP) Server Detection
Page 3 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Synopsis:
An NTP server is listening on the remote host.
Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.
Risk factor:
None
Solution:
n/a
Plugin output:
It was possible to gather the following information from the remote NTP host : version=4,
processor=unknown, system=UNIX, leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=44898.809, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD00558E5.B0D6A347, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000
Plugin ID:
10884
Port telnet (23/tcp) [-/+]
Cisco Device Default Password
Synopsis:
The remote device has a factory password set.
Description:
The remote CISCO router has a default password set. This allows an attacker to get a lot information
about the network, and possibly to shut it down if the enable password is not set either or is also a
default password.
Risk factor:
Critical
CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution:
Access this device and set a password using enable secret
Plugin output:
Plugin Output : It was possible to log in as cisco/cisco
Plugin ID:
23938
CVE:
CVE-1999-0508
Service Detection
A telnet server is running on this port.
Page 4 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Plugin ID:
22964
Unencrypted Telnet Server
Synopsis:
The remote Telnet server transmits traffic in cleartext.
Description:
The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins, passwords and commands are transferred in
cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive
information. Use of SSH is prefered nowadays as it protects credentials from eavesdropping and can
tunnel additional data streams such as the X11 session.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Disable this service and use SSH instead.
Plugin ID:
42263
Telnet Server Detection
Synopsis:
A Telnet server is listening on the remote port.
Description:
The remote host is running a Telnet server, a remote terminal server.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
Here is the banner from the remote Telnet server : ------------------------------ snip ---------------------------
--- User Access Verification Username: ------------------------------ snip ------------------------------
Plugin ID:
10281
[^] Back to 172.17.20.1
[^] Back
172.18.20.1
Scan Time
Start time : Thu Aug 05 11:34:38 2010
End time : Thu Aug 05 11:37:35 2010
Number of vulnerabilities
Page 5 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Open ports : 5
High : 1
Medium : 0
Low : 8
Remote host information
Operating System : KYOCERA Printer
NetBIOS name :
DNS name :
[^] Back to 172.18.20.1
Port general (0/icmp) [-/+]
ICMP Timestamp Request Remote Date Disclosure
Synopsis:
It is possible to determine the exact time set on the remote host.
Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Plugin output:
This host returns non-standard timestamps (high bit is set)
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94
OS Identification
Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints
could give a match - please email the following to [email protected] : NTP:!:UNIX SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer
Plugin ID:
11936
Nessus Scan Information
Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
Page 6 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
2010/8/5 11:34 Scan duration : 177 sec
Plugin ID:
19506
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.18.20.1 : 172.30.0.67 172.20.20.1
172.19.0.1 172.18.20.1
Plugin ID:
10287
Port ntp (123/udp) [-/+]
Network Time Protocol (NTP) Server Detection
Synopsis:
An NTP server is listening on the remote host.
Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.
Risk factor:
None
Solution:
n/a
Plugin output:
It was possible to gather the following information from the remote NTP host : version=4,
processor=unknown, system=UNIX, leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=45905.189, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD00558EA.EFBD9427, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000
Plugin ID:
10884
Port telnet (23/tcp) [-/+]
Cisco Device Default Password
Page 7 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Synopsis:
The remote device has a factory password set.
Description:
The remote CISCO router has a default password set. This allows an attacker to get a lot information
about the network, and possibly to shut it down if the enable password is not set either or is also a
default password.
Risk factor:
Critical
CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution:
Access this device and set a password using enable secret
Plugin output:
Plugin Output : It was possible to log in as cisco/cisco
Plugin ID:
23938
CVE:
CVE-1999-0508
Service Detection
A telnet server is running on this port.
Plugin ID:
22964
Unencrypted Telnet Server
Synopsis:
The remote Telnet server transmits traffic in cleartext.
Description:
The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins, passwords and commands are transferred in
cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive
information. Use of SSH is prefered nowadays as it protects credentials from eavesdropping and can
tunnel additional data streams such as the X11 session.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Disable this service and use SSH instead.
Plugin ID:
42263
Telnet Server Detection
Page 8 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Synopsis:
A Telnet server is listening on the remote port.
Description:
The remote host is running a Telnet server, a remote terminal server.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
Here is the banner from the remote Telnet server : ------------------------------ snip ---------------------------
--- User Access Verification Username: ------------------------------ snip ------------------------------
Plugin ID:
10281
[^] Back to 172.18.20.1
[^] Back
172.19.20.1
Scan Time
Start time : Thu Aug 05 11:34:38 2010
End time : Thu Aug 05 11:37:04 2010
Number of vulnerabilities
Open ports : 5
High : 0
Medium : 0
Low : 9
Remote host information
Operating System : CISCO IOS 12 CISCO PIX
NetBIOS name :
DNS name :
[^] Back to 172.19.20.1
Port general (0/icmp) [-/+]
ICMP Timestamp Request Remote Date Disclosure
Synopsis:
It is possible to determine the exact time set on the remote host.
Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.
Risk factor:
None
Page 9 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Plugin output:
This host returns non-standard timestamps (high bit is set)
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94
OS Identification
Remote operating system : CISCO IOS 12 CISCO PIX Confidence Level : 69 Method : SSH Not all
fingerprints could give a match - please email the following to [email protected] : NTP:!:UNIX
SinFP: P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=22R SSH:SSH-2.0-Cisco-1.25 The remote host is
running one of these operating systems : CISCO IOS 12 CISCO PIX
Plugin ID:
11936
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched on the remote system.
Description:
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host. Note that if an
official CPE is not available for the product, this plugin computes the best possible CPE based on the
information available from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following CPEs : cpe:/o:cisco:ios:12 cpe:/o:cisco:pix_firewall
Plugin ID:
45590
Nessus Scan Information
Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
Page 10 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
2010/8/5 11:34 Scan duration : 146 sec
Plugin ID:
19506
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.19.20.1 : 172.30.0.67 172.20.20.1
172.19.20.1
Plugin ID:
10287
Port ntp (123/udp) [-/+]
Network Time Protocol (NTP) Server Detection
Synopsis:
An NTP server is listening on the remote host.
Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.
Risk factor:
None
Solution:
n/a
Plugin output:
It was possible to gather the following information from the remote NTP host : version=4,
processor=unknown, system=UNIX, leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=45894.944, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD00558DE.3C2417C4, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000
Plugin ID:
10884
Port ssh (22/tcp) [-/+]
Service Detection
Page 11 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
An SSH server is running on this port.
Plugin ID:
22964
SSH Server Type and Version Information
Synopsis:
An SSH server is listening on this port.
Description:
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Risk factor:
None
Solution:
n/a
Plugin output:
SSH version : SSH-2.0-Cisco-1.25 SSH supported authentication : keyboard-interactive,password
Plugin ID:
10267
SSH Protocol Versions Supported
Synopsis:
A SSH server is running on the remote host.
Description:
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote SSH daemon supports the following versions of the SSH protocol : - 1.99 - 2.0 SSHv2 host
key fingerprint : 9b:3d:7c:93:84:73:58:72:a8:b4:67:b4:f7:ea:d0:46
Plugin ID:
10881
[^] Back to 172.19.20.1
[^] Back
172.20.20.1
Scan Time
Start time : Thu Aug 05 11:34:38 2010
End time : Thu Aug 05 11:37:31 2010
Number of vulnerabilities
Page 12 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Open ports : 6
High : 1
Medium : 0
Low : 9
Remote host information
Operating System : KYOCERA Printer
NetBIOS name :
DNS name :
[^] Back to 172.20.20.1
Port general (0/icmp) [-/+]
ICMP Timestamp Request Remote Date Disclosure
Synopsis:
It is possible to determine the exact time set on the remote host.
Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Plugin output:
This host returns non-standard timestamps (high bit is set)
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94
OS Identification
Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints
could give a match - please email the following to [email protected] : NTP:!:UNIX SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B11023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer
Plugin ID:
11936
Nessus Scan Information
Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
Page 13 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
2010/8/5 11:34 Scan duration : 173 sec
Plugin ID:
19506
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.20.20.1 : 172.30.0.67 172.20.20.1
Plugin ID:
10287
Port ntp (123/udp) [-/+]
Network Time Protocol (NTP) Server Detection
Synopsis:
An NTP server is listening on the remote host.
Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.
Risk factor:
None
Solution:
n/a
Plugin output:
It was possible to gather the following information from the remote NTP host : version=4,
processor=unknown, system=UNIX, leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=45935.174, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD0055933.709DBD75, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000
Plugin ID:
10884
Port telnet (23/tcp) [-/+]
Cisco Device Default Password
Synopsis:
Page 14 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
The remote device has a factory password set.
Description:
The remote CISCO router has a default password set. This allows an attacker to get a lot information
about the network, and possibly to shut it down if the enable password is not set either or is also a
default password.
Risk factor:
Critical
CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution:
Access this device and set a password using enable secret
Plugin output:
Plugin Output : It was possible to log in as cisco/cisco
Plugin ID:
23938
CVE:
CVE-1999-0508
Service Detection
A telnet server is running on this port.
Plugin ID:
22964
Unencrypted Telnet Server
Synopsis:
The remote Telnet server transmits traffic in cleartext.
Description:
The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins, passwords and commands are transferred in
cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive
information. Use of SSH is prefered nowadays as it protects credentials from eavesdropping and can
tunnel additional data streams such as the X11 session.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Disable this service and use SSH instead.
Plugin ID:
42263
Telnet Server Detection
Synopsis:
Page 15 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
A Telnet server is listening on the remote port.
Description:
The remote host is running a Telnet server, a remote terminal server.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
Here is the banner from the remote Telnet server : ------------------------------ snip ---------------------------
--- User Access Verification Username: ------------------------------ snip ------------------------------
Plugin ID:
10281
Port tftp (69/udp) [-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
[^] Back to 172.20.20.1
[^] Back
172.30.0.10
Scan Time
Start time : Thu Aug 05 11:34:38 2010
End time : Thu Aug 05 11:37:13 2010
Number of vulnerabilities
Open ports : 22
High : 5
Medium : 2
Low : 37
Remote host information
Page 16 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Operating
System :
Microsoft Windows Server
2003 Service Pack 1
NetBIOS
name :
WINDOWS01
DNS name :
[^] Back to 172.30.0.10
Port general (0/icmp) [-/+]
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code
Execution (958644) (uncredentialed check)
Synopsis:
Arbitrary code can be executed on the remote host due to a flaw in the Server service.
Description:
The remote host is vulnerable to a buffer overrun in the Server service that may allow an attacker to
execute arbitrary code on the remote host with the System privileges.
Risk factor:
Critical
CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution:
Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 :
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
Plugin ID:
34477
CVE:
CVE-2008-4250
BID:
31874
Other references:
OSVDB:49243
ICMP Timestamp Request Remote Date Disclosure
Synopsis:
It is possible to determine the exact time set on the remote host.
Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Page 17 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Plugin output:
This host returns non-standard timestamps (high bit is set) The ICMP timestamps might be in little
endian format (not in network format) The remote clock is synchronized with the local clock.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
VMware Virtual Machine Detection
Synopsis:
The remote host seems to be a VMware virtual machine.
Description:
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Since it is physically accessible through the network, ensure that its configuration matches your
organizations security policy.
Risk factor:
None
Solution:
n/a
Plugin ID:
20094
Ethernet card brand
Synopsis:
The manufacturer can be deduced from the Ethernet OUI.
Page 18 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Description:
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified : 00:0c:29:d8:9d:dc : VMware, Inc.
Plugin ID:
35716
OS Identification
Remote operating system : Microsoft Windows Server 2003 Service Pack 1 Confidence Level : 99
Method : MSRPC The remote host is running Microsoft Windows Server 2003 Service Pack 1
Plugin ID:
11936
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched on the remote system.
Description:
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host. Note that if an
official CPE is not available for the product, this plugin computes the best possible CPE based on the
information available from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following CPE : cpe:/o:microsoft:windows_2003_server::sp1
-> Microsoft Windows 2003 Server Service Pack 1
Plugin ID:
45590
Nessus Scan Information
Page 19 of 76Nessus Scan Report
8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht
Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 155 sec
Plugin ID:
19506
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote …
CATEGORIES
Economics
Nursing
Applied Sciences
Psychology
Science
Management
Computer Science
Human Resource Management
Accounting
Information Systems
English
Anatomy
Operations Management
Sociology
Literature
Education
Business & Finance
Marketing
Engineering
Statistics
Biology
Political Science
Reading
History
Financial markets
Philosophy
Mathematics
Law
Criminal
Architecture and Design
Government
Social Science
World history
Chemistry
Humanities
Business Finance
Writing
Programming
Telecommunications Engineering
Geography
Physics
Spanish
ach
e. Embedded Entrepreneurship
f. Three Social Entrepreneurship Models
g. Social-Founder Identity
h. Micros-enterprise Development
Outcomes
Subset 2. Indigenous Entrepreneurship Approaches (Outside of Canada)
a. Indigenous Australian Entrepreneurs Exami
Calculus
(people influence of
others) processes that you perceived occurs in this specific Institution Select one of the forms of stratification highlighted (focus on inter the intersectionalities
of these three) to reflect and analyze the potential ways these (
American history
Pharmacology
Ancient history
. Also
Numerical analysis
Environmental science
Electrical Engineering
Precalculus
Physiology
Civil Engineering
Electronic Engineering
ness Horizons
Algebra
Geology
Physical chemistry
nt
When considering both O
lassrooms
Civil
Probability
ions
Identify a specific consumer product that you or your family have used for quite some time. This might be a branded smartphone (if you have used several versions over the years)
or the court to consider in its deliberations. Locard’s exchange principle argues that during the commission of a crime
Chemical Engineering
Ecology
aragraphs (meaning 25 sentences or more). Your assignment may be more than 5 paragraphs but not less.
INSTRUCTIONS:
To access the FNU Online Library for journals and articles you can go the FNU library link here:
https://www.fnu.edu/library/
In order to
n that draws upon the theoretical reading to explain and contextualize the design choices. Be sure to directly quote or paraphrase the reading
ce to the vaccine. Your campaign must educate and inform the audience on the benefits but also create for safe and open dialogue. A key metric of your campaign will be the direct increase in numbers.
Key outcomes: The approach that you take must be clear
Mechanical Engineering
Organic chemistry
Geometry
nment
Topic
You will need to pick one topic for your project (5 pts)
Literature search
You will need to perform a literature search for your topic
Geophysics
you been involved with a company doing a redesign of business processes
Communication on Customer Relations. Discuss how two-way communication on social media channels impacts businesses both positively and negatively. Provide any personal examples from your experience
od pressure and hypertension via a community-wide intervention that targets the problem across the lifespan (i.e. includes all ages).
Develop a community-wide intervention to reduce elevated blood pressure and hypertension in the State of Alabama that in
in body of the report
Conclusions
References (8 References Minimum)
*** Words count = 2000 words.
*** In-Text Citations and References using Harvard style.
*** In Task section I’ve chose (Economic issues in overseas contracting)"
Electromagnetism
w or quality improvement; it was just all part of good nursing care. The goal for quality improvement is to monitor patient outcomes using statistics for comparison to standards of care for different diseases
e a 1 to 2 slide Microsoft PowerPoint presentation on the different models of case management. Include speaker notes... .....Describe three different models of case management.
visual representations of information. They can include numbers
SSAY
ame workbook for all 3 milestones. You do not need to download a new copy for Milestones 2 or 3. When you submit Milestone 3
pages):
Provide a description of an existing intervention in Canada
making the appropriate buying decisions in an ethical and professional manner.
Topic: Purchasing and Technology
You read about blockchain ledger technology. Now do some additional research out on the Internet and share your URL with the rest of the class
be aware of which features their competitors are opting to include so the product development teams can design similar or enhanced features to attract more of the market. The more unique
low (The Top Health Industry Trends to Watch in 2015) to assist you with this discussion.
https://youtu.be/fRym_jyuBc0
Next year the $2.8 trillion U.S. healthcare industry will finally begin to look and feel more like the rest of the business wo
evidence-based primary care curriculum. Throughout your nurse practitioner program
Vignette
Understanding Gender Fluidity
Providing Inclusive Quality Care
Affirming Clinical Encounters
Conclusion
References
Nurse Practitioner Knowledge
Mechanics
and word limit is unit as a guide only.
The assessment may be re-attempted on two further occasions (maximum three attempts in total). All assessments must be resubmitted 3 days within receiving your unsatisfactory grade. You must clearly indicate “Re-su
Trigonometry
Article writing
Other
5. June 29
After the components sending to the manufacturing house
1. In 1972 the Furman v. Georgia case resulted in a decision that would put action into motion. Furman was originally sentenced to death because of a murder he committed in Georgia but the court debated whether or not this was a violation of his 8th amend
One of the first conflicts that would need to be investigated would be whether the human service professional followed the responsibility to client ethical standard. While developing a relationship with client it is important to clarify that if danger or
Ethical behavior is a critical topic in the workplace because the impact of it can make or break a business
No matter which type of health care organization
With a direct sale
During the pandemic
Computers are being used to monitor the spread of outbreaks in different areas of the world and with this record
3. Furman v. Georgia is a U.S Supreme Court case that resolves around the Eighth Amendments ban on cruel and unsual punishment in death penalty cases. The Furman v. Georgia case was based on Furman being convicted of murder in Georgia. Furman was caught i
One major ethical conflict that may arise in my investigation is the Responsibility to Client in both Standard 3 and Standard 4 of the Ethical Standards for Human Service Professionals (2015). Making sure we do not disclose information without consent ev
4. Identify two examples of real world problems that you have observed in your personal
Summary & Evaluation: Reference & 188. Academic Search Ultimate
Ethics
We can mention at least one example of how the violation of ethical standards can be prevented. Many organizations promote ethical self-regulation by creating moral codes to help direct their business activities
*DDB is used for the first three years
For example
The inbound logistics for William Instrument refer to purchase components from various electronic firms. During the purchase process William need to consider the quality and price of the components. In this case
4. A U.S. Supreme Court case known as Furman v. Georgia (1972) is a landmark case that involved Eighth Amendment’s ban of unusual and cruel punishment in death penalty cases (Furman v. Georgia (1972)
With covid coming into place
In my opinion
with
Not necessarily all home buyers are the same! When you choose to work with we buy ugly houses Baltimore & nationwide USA
The ability to view ourselves from an unbiased perspective allows us to critically assess our personal strengths and weaknesses. This is an important step in the process of finding the right resources for our personal learning style. Ego and pride can be
· By Day 1 of this week
While you must form your answers to the questions below from our assigned reading material
CliftonLarsonAllen LLP (2013)
5 The family dynamic is awkward at first since the most outgoing and straight forward person in the family in Linda
Urien
The most important benefit of my statistical analysis would be the accuracy with which I interpret the data. The greatest obstacle
From a similar but larger point of view
4 In order to get the entire family to come back for another session I would suggest coming in on a day the restaurant is not open
When seeking to identify a patient’s health condition
After viewing the you tube videos on prayer
Your paper must be at least two pages in length (not counting the title and reference pages)
The word assimilate is negative to me. I believe everyone should learn about a country that they are going to live in. It doesnt mean that they have to believe that everything in America is better than where they came from. It means that they care enough
Data collection
Single Subject Chris is a social worker in a geriatric case management program located in a midsize Northeastern town. She has an MSW and is part of a team of case managers that likes to continuously improve on its practice. The team is currently using an
I would start off with Linda on repeating her options for the child and going over what she is feeling with each option. I would want to find out what she is afraid of. I would avoid asking her any “why” questions because I want her to be in the here an
Summarize the advantages and disadvantages of using an Internet site as means of collecting data for psychological research (Comp 2.1) 25.0\% Summarization of the advantages and disadvantages of using an Internet site as means of collecting data for psych
Identify the type of research used in a chosen study
Compose a 1
Optics
effect relationship becomes more difficult—as the researcher cannot enact total control of another person even in an experimental environment. Social workers serve clients in highly complex real-world environments. Clients often implement recommended inte
I think knowing more about you will allow you to be able to choose the right resources
Be 4 pages in length
soft MB-920 dumps review and documentation and high-quality listing pdf MB-920 braindumps also recommended and approved by Microsoft experts. The practical test
g
One thing you will need to do in college is learn how to find and use references. References support your ideas. College-level work must be supported by research. You are expected to do that for this paper. You will research
Elaborate on any potential confounds or ethical concerns while participating in the psychological study 20.0\% Elaboration on any potential confounds or ethical concerns while participating in the psychological study is missing. Elaboration on any potenti
3 The first thing I would do in the family’s first session is develop a genogram of the family to get an idea of all the individuals who play a major role in Linda’s life. After establishing where each member is in relation to the family
A Health in All Policies approach
Note: The requirements outlined below correspond to the grading criteria in the scoring guide. At a minimum
Chen
Read Connecting Communities and Complexity: A Case Study in Creating the Conditions for Transformational Change
Read Reflections on Cultural Humility
Read A Basic Guide to ABCD Community Organizing
Use the bolded black section and sub-section titles below to organize your paper. For each section
Losinski forwarded the article on a priority basis to Mary Scott
Losinksi wanted details on use of the ED at CGH. He asked the administrative resident