IP,Hostname,Port,Port Protocol,CVSS,Severity,QoD,Solution Type,NVT Name,Summary,?B?z???p,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
192.168.41.23,tphq7lap314.tahoho.com.tw,3389,tcp,4.3,Medium,98,Mitigation,SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection,"It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.",???? TLS 1.0 ?? 1.1 (2014.06.14),"In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,5daf71c4-3b95-433d-a375-17bf91f5b1e5,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.
Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2023-10-21T00:09:12+08:00
",,,"DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",
192.168.41.254,,22,tcp,5.3,Medium,80,Mitigation,Weak (Small) Public Key Size(s) (SSH),"The remote SSH server uses a weak (too small) public key
size.",?Ʃw ?w???O?i?? ?ק?????Ѽ?,"The remote SSH server uses a public RSA key with the following weak (too small) size: 1024
",1.3.6.1.4.1.25623.1.0.150712,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,a3db1ce5-9bb8-4a01-8844-880b9009f59e,"A man-in-the-middle attacker can exploit this vulnerability to
record the communication to decrypt the session key and even the messages.","'- <= 1024 bit for RSA based keys:
Install a RSA public key length of 2048 bits or greater, or to switch to more secure key types.",,"'- <= 1024 bit for RSA based keys:
Best practices require that RSA digital signatures be 2048 or more bits long to provide adequate
security. Key lengths of 1024 are considered deprecated since 2011.","Checks the public key size of the remote SSH server.
Currently weak (too small) key sizes are defined as the following:
- <= 1024 bit for RSA based keys
Details:
Weak (Small) Public Key Size(s) (SSH)
(OID: 1.3.6.1.4.1.25623.1.0.150712)
Version used: 2023-10-12T13:05:32+08:00
",,,,
192.168.41.254,,22,tcp,5.3,Medium,80,Mitigation,Weak Key Exchange (KEX) Algorithm(s) Supported (SSH),"The remote SSH server is configured to allow / support weak key
exchange (KEX) algorithm(s).",?Ʃw ?w???O?i?? ?ק?????Ѽ?,"The remote SSH server supports the following weak KEX algorithm(s):
KEX algorithm | Reason
-------------------------------------------------------------------------------------------
diffie-hellman-group-exchange-sha1 | Using SHA-1
diffie-hellman-group1-sha1 | Using Oakley Group 2 (a 1024-bit MODP group) and SHA-1
",1.3.6.1.4.1.25623.1.0.150713,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,b24372dc-38dc-40a6-9f47-dbd10e7c6aad,An attacker can quickly break individual connections.,"Disable the reported weak KEX algorithm(s)
- 1024-bit MODP group / prime KEX algorithms:
Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.",,"'- 1024-bit MODP group / prime KEX algorithms:
Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key
exchange. Practitioners believed this was safe as long as new key exchange messages were generated
for every connection. However, the first step in the number field sieve-the most efficient
algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime.
A nation-state can break a 1024-bit prime.","Checks the supported KEX algorithms of the remote SSH server.
Currently weak KEX algorithms are defined as the following:
- non-elliptic-curve Diffie-Hellmann (DH) KEX algorithms with 1024-bit MODP group / prime
- ephemerally generated key exchange groups uses SHA-1
- using RSA 1024-bit modulus key
Details:
Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)
(OID: 1.3.6.1.4.1.25623.1.0.150713)
Version used: 2023-10-12T13:05:32+08:00
",,,,
192.168.41.254,,23,tcp,4.8,Medium,70,Mitigation,Telnet Unencrypted Cleartext Login,"The remote host is running a Telnet service that allows cleartext logins over
unencrypted connections.",?Ʃw ?w???O?i?? ?ק?????Ѽ?,Vulnerability was detected according to the Vulnerability Detection Method.,1.3.6.1.4.1.25623.1.0.108522,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,89b0f938-197f-4578-b443-0d3f6f98afd0,"An attacker can uncover login names and passwords by sniffing traffic to the
Telnet service.",Replace Telnet with a protocol like SSH which supports encrypted connections.,,,"
Details:
Telnet Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108522)
Version used: 2023-10-13T13:06:09+08:00
",,,,
192.168.41.254,,443,tcp,4.3,Medium,98,Mitigation,SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection,"It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.",?Ʃw ?w???O?i?? ?ק?????Ѽ?,"In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.1 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,76b04c3c-24d3-4f84-bc8c-0979e53efd00,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.
Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2023-10-21T00:09:12+08:00
",,,"DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",
192.168.41.254,,22,tcp,4.3,Medium,80,Mitigation,Weak Encryption Algorithm(s) Supported (SSH),"The remote SSH server is configured to allow / support weak
encryption algorithm(s).",?Ʃw ?w???O?i?? ?ק?????Ѽ?,"The remote SSH server supports the following weak client-to-server encryption algorithm(s):
3des-cbc
aes128-cbc
aes256-cbc
des-cbc
The remote SSH server supports the following weak server-to-client encryption algorithm(s):
3des-cbc
aes128-cbc
aes256-cbc
des-cbc
",1.3.6.1.4.1.25623.1.0.105611,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,a202ea32-a21e-48fd-9b9b-aba648fd58c2,,Disable the reported weak encryption algorithm(s).,,"'- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit
keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour
(and RC4) has problems with weak keys, and should not be used anymore.
- The 'none' algorithm specifies that no encryption is to be done. Note that this method provides
no confidentiality protection, and it is NOT RECOMMENDED to use it.
- A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to
recover plaintext from a block of ciphertext.","Checks the supported encryption algorithms (client-to-server
and server-to-client) of the remote SSH server.
Currently weak encryption algorithms are defined as the following:
- Arcfour (RC4) cipher based algorithms
- 'none' algorithm
- CBC mode cipher based algorithms
Details:
Weak Encryption Algorithm(s) Supported (SSH)
(OID: 1.3.6.1.4.1.25623.1.0.105611)
Version used: 2023-10-12T13:05:32+08:00
",,,,
192.168.41.254,,,,2.6,Low,80,Mitigation,TCP Timestamps Information Disclosure,"The remote host implements TCP timestamps and therefore allows
to compute the uptime.",?Ʃw ?w???O?i?? ?ק?????Ѽ?,"It was detected that the host implements RFC1323/RFC7323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 3764940005
Packet 2: 3764941108
",1.3.6.1.4.1.25623.1.0.80091,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,0470ff45-5589-42e0-bd00-ee7b7a4e9043,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.
See the references for more information.",TCP implementations that implement RFC1323/RFC7323.,"The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
",,,,
192.168.41.254,,22,tcp,2.6,Low,80,Mitigation,Weak MAC Algorithm(s) Supported (SSH),"The remote SSH server is configured to allow / support weak MAC
algorithm(s).",?Ʃw ?w???O?i?? ?ק?????Ѽ?,"The remote SSH server supports the following weak client-to-server MAC algorithm(s):
hmac-md5
hmac-md5-96
hmac-sha1-96
The remote SSH server supports the following weak server-to-client MAC algorithm(s):
hmac-md5
hmac-md5-96
hmac-sha1-96
",1.3.6.1.4.1.25623.1.0.105610,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,f8da28ce-a372-4d7e-b988-0d14e07caadc,,Disable the reported weak MAC algorithm(s).,,,"Checks the supported MAC algorithms (client-to-server and
server-to-client) of the remote SSH server.
Currently weak MAC algorithms are defined as the following:
- MD5 based algorithms
- 96-bit based algorithms
- 64-bit based algorithms
- 'none' algorithm
Details:
Weak MAC Algorithm(s) Supported (SSH)
(OID: 1.3.6.1.4.1.25623.1.0.105610)
Version used: 2023-10-12T13:05:32+08:00
",,,,
192.168.41.254,,,,2.1,Low,80,Mitigation,ICMP Timestamp Reply Information Disclosure,The remote host responded to an ICMP timestamp request.,?Ʃw ?w???O?i?? ?ק?????Ѽ?,"The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,CVE-1999-0524,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,02890482-8423-4c6d-b2e7-e5762300f302,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:
- Disable the support for ICMP timestamp on the remote host completely
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)",,"The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
",,,"DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",
192.168.41.254,,,,2.1,Low,80,Mitigation,ICMP Netmask Reply Information Disclosure,The remote host responded to an ICMP netmask request.,?Ʃw ?w???O?i?? ?ק?????Ѽ?,"Received Netmask: 255.255.255.0
",1.3.6.1.4.1.25623.1.0.146440,CVE-1999-0524,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,0d234df3-ca86-4205-bb26-64bc6b29ca86,"This information might give an attacker information for further
reconnaissance and/or attacks (e.g. subnet structure, filter bypass, etc.).","Various mitigations are possible:
- Disable the support for ICMP netmask on the remote host completely
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)",,"The Netmask Reply is an ICMP message which replies to a Netmask
message.","
Details:
ICMP Netmask Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.146440)
Version used: 2022-11-17T18:12:09+08:00
",,,"DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",
192.168.41.27,,,,2.6,Low,80,Mitigation,TCP Timestamps Information Disclosure,"The remote host implements TCP timestamps and therefore allows
to compute the uptime.",,"It was detected that the host implements RFC1323/RFC7323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 447641132
Packet 2: 447642282
",1.3.6.1.4.1.25623.1.0.80091,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,ea05ec26-a0cb-48fb-9b27-71dd857ec469,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.
See the references for more information.",TCP implementations that implement RFC1323/RFC7323.,"The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
",,,,
192.168.41.27,,,,2.1,Low,80,Mitigation,ICMP Timestamp Reply Information Disclosure,The remote host responded to an ICMP timestamp request.,,"The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,CVE-1999-0524,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,e5d21bad-2650-4b0a-9116-979a71749831,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:
- Disable the support for ICMP timestamp on the remote host completely
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)",,"The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
",,,"DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",
192.168.41.29,,135,tcp,5,Medium,80,Mitigation,DCE/RPC and MSRPC Services Enumeration Reporting,"Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.",,"Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
Port: 49664/tcp
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.41.29[49664]
Annotation: RemoteAccessCheck
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49664]
Annotation: Ngc Pop Key Service
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49664]
Annotation: Ngc Pop Key Service
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.41.29[49664]
Annotation: KeyIso
Port: 49665/tcp
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49665]
Port: 49666/tcp
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49666]
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49666]
Port: 49667/tcp
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49667]
Annotation: Event log TCPIP
Port: 49669/tcp
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49669]
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49669]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49669]
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49669]
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49669]
Port: 49670/tcp
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.41.29[49670]
Annotation: RemoteAccessCheck
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49670]
Annotation: Ngc Pop Key Service
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.41.29[49670]
Annotation: Ngc Pop Key Service
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.41.29[49670]
Annotation: KeyIso
Port: 49706/tcp
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.41.29[49706]
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,66accf80-85e7-4e7d-8447-e37b35b3f5e7,"An attacker may use this fact to gain more knowledge
about the remote host.",Filter incoming traffic to this ports.,,,"
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
",,,,
192.168.41.29,,,,2.1,Low,80,Mitigation,ICMP Timestamp Reply Information Disclosure,The remote host responded to an ICMP timestamp request.,,"The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,CVE-1999-0524,2f484444-f29e-46a3-a7a2-1ed05caed53f,41.0-1-2,2024-06-04T12:02:27+08:00,bacc0476-8d89-46c4-b5ae-c15241126515,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:
- Disable the support for ICMP timestamp on the remote host completely
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)",,"The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
",,,"DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",