6,871
社区成员
发帖
与我相关
我的任务
分享有请网络安全高手
我用SUPERSCAN4.0扫描了我的机子,报告如下,请高手帮我分析下是否存在重大漏洞
TCP Ports (13)
53 Domain Name Server
88 Kerberos
135 DCE endpoint resolution
139 NETBIOS Session Service
389 Lightweight Directory Access Protocol / Internet Locator Service (ILS)
445 Microsoft-DS
593 HTTP RPC Ep Map
636 ldap protocol over TLS/SSL
1028 [Unknown]
1031 InetInfo / BBN IAD
3268 Microsoft Global Catalog
3372 Microsoft Distributed Transaction Coordinator (MSDTC) / TIP 2
3389 MS Terminal Server
UDP Ports (2)
53 Domain Name Server
137 NETBIOS Name Service
TCP Port Banner
389
Lightweight Directory Access Protocol / Internet Locator Service (ILS) 0........a...........
593
HTTP RPC Ep Map ncacn_http/1.0
636
ldap protocol over TLS/SSL
[Connection closed by remote host]
1031
InetInfo / BBN IAD ncacn_http/1.0
UDP Port Banner
137
NETBIOS Name Service MAC Address: 00:50:04:1D:B2:28NIC Vendor : 3Com
Netbios Name Table (9 names)
SERVER 00 UNIQUE Workstation service nameSLTCOM 00 GROUP Workstation service nameSLTCOM 1C GROUP Domain controller nameSERVER 20 UNIQUE Server services nameSLTCOM 1B UNIQUE Master browser nameSLTCOM 1E GROUP Group nameSERVER 03 UNIQUE Messenger nameSLTCOM 1D UNIQUE Master browser name..__MSBROWSE__. 01 GROUP
--------------------------------------------------------------------------------
Total hosts discovered 1
Total open TCP ports 13
Total open UDP ports 2
TCP Ports (13)
53 Domain Name Server
88 Kerberos
135 DCE endpoint resolution
139 NETBIOS Session Service
389 Lightweight Directory Access Protocol / Internet Locator Service (ILS)
445 Microsoft-DS
593 HTTP RPC Ep Map
636 ldap protocol over TLS/SSL
1028 [Unknown]
1031 InetInfo / BBN IAD
3268 Microsoft Global Catalog
3372 Microsoft Distributed Transaction Coordinator (MSDTC) / TIP 2
3389 MS Terminal Server
UDP Ports (2)
53 Domain Name Server
137 NETBIOS Name Service
TCP Port Banner
389
Lightweight Directory Access Protocol / Internet Locator Service (ILS) 0........a...........
593
HTTP RPC Ep Map ncacn_http/1.0
636
ldap protocol over TLS/SSL
[Connection closed by remote host]
1031
InetInfo / BBN IAD ncacn_http/1.0
UDP Port Banner
137
NETBIOS Name Service MAC Address: 00:50:04:1D:B2:28NIC Vendor : 3Com
Netbios Name Table (9 names)
SERVER 00 UNIQUE Workstation service nameSLTCOM 00 GROUP Workstation service nameSLTCOM 1C GROUP Domain controller nameSERVER 20 UNIQUE Server services nameSLTCOM 1B UNIQUE Master browser nameSLTCOM 1E GROUP Group nameSERVER 03 UNIQUE Messenger nameSLTCOM 1D UNIQUE Master browser name..__MSBROWSE__. 01 GROUP
--------------------------------------------------------------------------------
Total hosts discovered 1
Total open TCP ports 13
Total open UDP ports 2
...全文
请发表友善的回复…
发表回复
Aceryt 2005-08-25
- 打赏
- 举报
防范需要你有一定的安全知识并且对操作系统熟悉,建议多看看这方面的资料,不过简单地说,你只要禁止端口被外部访问就是了。
victory81 2005-08-25
- 打赏
- 举报
Aceryt(皮皮猪·心平气和) ,上文中提到的
警告数量
提示数量
这样各意味着什么,如何防范?
警告数量
提示数量
这样各意味着什么,如何防范?
Aceryt 2005-08-24
- 打赏
- 举报
下面是一个修改过的参考示例:
检测结果
存活主机 1
漏洞数量 2
警告数量 2
提示数量 12
主机列表
主机 检测结果
123.123.123.88 发现安全漏洞
主机摘要 - OS: Microsoft Windows Server 2003; PORT/TCP: 135, 139, 445, 1433
主机分析: 123.123.123.88
主机地址 端口/服务 服务漏洞
123.123.123.88 netbios-ssn (139/tcp) 发现安全提示
123.123.123.88 ms-sql-s (1433/tcp) 发现安全漏洞
123.123.123.88 microsoft-ds (445/tcp) 发现安全提示
123.123.123.88 epmap (135/tcp) 发现安全警告
123.123.123.88 domain (53/udp) 发现安全提示
123.123.123.88 cifs (445/tcp) 发现安全提示
123.123.123.88 smb (139/tcp) 发现安全提示
123.123.123.88 netbios-ns (137/udp) 发现安全警告
123.123.123.88 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1026/tcp) 发现安全提示
123.123.123.88 DCE/906b0ce0-c70b-1067-b317-00dd010662da (3966/tcp) 发现安全提示
123.123.123.88 mssql (1433/tcp) 发现安全漏洞
123.123.123.88 tcp 发现安全提示
安全漏洞及解决方案: 123.123.123.88
类型 端口/服务 安全漏洞及解决方案
提示 netbios-ssn (139/tcp) Maybe the "netbios-ssn" service running on this port.
Here is its banner:
83 .
NESSUS_ID : 10330
漏洞 ms-sql-s (1433/tcp) SQL-Server弱口令: "sa/[空口令]"
提示 ms-sql-s (1433/tcp) Maybe the "ms-sql-s" service running on this port.
NESSUS_ID : 10330
提示 ms-sql-s (1433/tcp)
Microsoft SQL server is running on this port.
You should never let any unauthorized users establish
connections to this service.
Solution: Block this port from outside communication
Risk factor : Medium
CVE_ID : CAN-1999-0652
NESSUS_ID : 10144
提示 microsoft-ds (445/tcp) Maybe the "microsoft-ds" service running on this port.
NESSUS_ID : 10330
警告 epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
提示 epmap (135/tcp) Maybe the "epmap" service running on this port.
NESSUS_ID : 10330
提示 domain (53/udp) BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record 'version.bind', will typically prompt the server to send
the information back to the querying source.
The remote bind version is :
Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.
NESSUS_ID : 10028
提示 cifs (445/tcp) 远程主机开放了445端口,没有开放139端口。
两台Windows 2000 主机间的'Netbios-less'通讯通过445端口完成。攻击者可以利用该漏洞获取主机的共享连接,用户名列表及其他信息...
解决方案: 过滤该端口收到的数据。
风险等级: 中
___________________________________________________________________
A CIFS server is running on this port
NESSUS_ID : 11011
提示 cifs (445/tcp) 当前脚本尝试使用多个login/password组合登陆远程主机
参考资料: http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
参考资料: http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
风险等级: 中
___________________________________________________________________
It was possible to log into the remote host using a NULL session,
but the IPC$ share could not be connected to, which makes this problem
rather harmless.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
There is no solution to disable null sessions completely
All the smb tests will be done as ''/'' in domain WORKGROUP
CVE_ID : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117
BUGTRAQ_ID : 494
NESSUS_ID : 10394
提示 smb (139/tcp) 远程主机开放了445端口,没有开放139端口。
两台Windows 2000 主机间的'Netbios-less'通讯通过445端口完成。攻击者可以利用该漏洞获取主机的共享连接,用户名列表及其他信息...
解决方案: 过滤该端口收到的数据。
风险等级: 中
___________________________________________________________________
An SMB server is running on this port
NESSUS_ID : 11011
警告 netbios-ns (137/udp) 如果NetBIOS端口(UDP:137)已经打开,
一个远程攻击者可以利用这个漏洞获得主机
的敏感信息,比如机器名,工作组/域名,
当前登陆用户名等。
解决方法:阻止这个端口的外部通信。
风险等级:中
......
检测结果
存活主机 1
漏洞数量 2
警告数量 2
提示数量 12
主机列表
主机 检测结果
123.123.123.88 发现安全漏洞
主机摘要 - OS: Microsoft Windows Server 2003; PORT/TCP: 135, 139, 445, 1433
主机分析: 123.123.123.88
主机地址 端口/服务 服务漏洞
123.123.123.88 netbios-ssn (139/tcp) 发现安全提示
123.123.123.88 ms-sql-s (1433/tcp) 发现安全漏洞
123.123.123.88 microsoft-ds (445/tcp) 发现安全提示
123.123.123.88 epmap (135/tcp) 发现安全警告
123.123.123.88 domain (53/udp) 发现安全提示
123.123.123.88 cifs (445/tcp) 发现安全提示
123.123.123.88 smb (139/tcp) 发现安全提示
123.123.123.88 netbios-ns (137/udp) 发现安全警告
123.123.123.88 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1026/tcp) 发现安全提示
123.123.123.88 DCE/906b0ce0-c70b-1067-b317-00dd010662da (3966/tcp) 发现安全提示
123.123.123.88 mssql (1433/tcp) 发现安全漏洞
123.123.123.88 tcp 发现安全提示
安全漏洞及解决方案: 123.123.123.88
类型 端口/服务 安全漏洞及解决方案
提示 netbios-ssn (139/tcp) Maybe the "netbios-ssn" service running on this port.
Here is its banner:
83 .
NESSUS_ID : 10330
漏洞 ms-sql-s (1433/tcp) SQL-Server弱口令: "sa/[空口令]"
提示 ms-sql-s (1433/tcp) Maybe the "ms-sql-s" service running on this port.
NESSUS_ID : 10330
提示 ms-sql-s (1433/tcp)
Microsoft SQL server is running on this port.
You should never let any unauthorized users establish
connections to this service.
Solution: Block this port from outside communication
Risk factor : Medium
CVE_ID : CAN-1999-0652
NESSUS_ID : 10144
提示 microsoft-ds (445/tcp) Maybe the "microsoft-ds" service running on this port.
NESSUS_ID : 10330
警告 epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
提示 epmap (135/tcp) Maybe the "epmap" service running on this port.
NESSUS_ID : 10330
提示 domain (53/udp) BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record 'version.bind', will typically prompt the server to send
the information back to the querying source.
The remote bind version is :
Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.
NESSUS_ID : 10028
提示 cifs (445/tcp) 远程主机开放了445端口,没有开放139端口。
两台Windows 2000 主机间的'Netbios-less'通讯通过445端口完成。攻击者可以利用该漏洞获取主机的共享连接,用户名列表及其他信息...
解决方案: 过滤该端口收到的数据。
风险等级: 中
___________________________________________________________________
A CIFS server is running on this port
NESSUS_ID : 11011
提示 cifs (445/tcp) 当前脚本尝试使用多个login/password组合登陆远程主机
参考资料: http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
参考资料: http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
风险等级: 中
___________________________________________________________________
It was possible to log into the remote host using a NULL session,
but the IPC$ share could not be connected to, which makes this problem
rather harmless.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
There is no solution to disable null sessions completely
All the smb tests will be done as ''/'' in domain WORKGROUP
CVE_ID : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117
BUGTRAQ_ID : 494
NESSUS_ID : 10394
提示 smb (139/tcp) 远程主机开放了445端口,没有开放139端口。
两台Windows 2000 主机间的'Netbios-less'通讯通过445端口完成。攻击者可以利用该漏洞获取主机的共享连接,用户名列表及其他信息...
解决方案: 过滤该端口收到的数据。
风险等级: 中
___________________________________________________________________
An SMB server is running on this port
NESSUS_ID : 11011
警告 netbios-ns (137/udp) 如果NetBIOS端口(UDP:137)已经打开,
一个远程攻击者可以利用这个漏洞获得主机
的敏感信息,比如机器名,工作组/域名,
当前登陆用户名等。
解决方法:阻止这个端口的外部通信。
风险等级:中
......
Aceryt 2005-08-24
- 打赏
- 举报
你应该在外网扫描,局域网内扫描没有什么用,你说的这些端口上文都有告诉你,88是Kerberos认证用的,3268是GC(全局编录)查询使用的,这些都是在Active Directory环境中需要的,不要随意关闭。
如果你要从外部扫描,推荐你使用X-Scan,他会生成一份比较不错的报告,看下面。
如果你要从外部扫描,推荐你使用X-Scan,他会生成一份比较不错的报告,看下面。
victory81 2005-08-24
- 打赏
- 举报
Aceryt(皮皮猪·心平气和) 讲对啦,这是个域控制器,我是在局域网内的另外一台机子上进行扫描的,有几个端口我不知道有什么用, 开着危险不?88,593,636,1028,1031,3268,3372这些有什么用?
zhengjz 2005-08-24
- 打赏
- 举报
打好补丁,关掉不需要的端口
Aceryt 2005-08-24
- 打赏
- 举报
应该是台域控制器吧,你是直接在这台机器上扫描的?如果你不是从外部扫描的,那么这份报告没有报告什么很大隐患,但是安全补丁依然要打好,因为其实你这份报告的检查项目我觉得还是很少,看不出什么。
