|
|
 |
|
|
|
|
Vulnerabilities_ |
|
|
|
|
|
 | High Risk Vulnerability - FTP Access
 xxx.xxx.xxx.xxx (www.yourdomain.com) | |
It appears your FTP server is open to anonymous access. Check your FTP log files, if there were any files compromised on the server that contain any passwords they need to be changed. Also, check any systems that may have used the same passwords for tampering. |
|  | Medium Risk Vulnerability - FTP login
xxx.xxx.xxx.xxx (www.yourdomain.com) | | The FTP server login has no delay in the event of a bad login attempt. If you use an easily guessable login like "aSmith" then make sure you have a strong password or you will be suseptable to a brute force or dictionary attack. |
|  | Low Risk Vulnerability - POP3 service enabled
xxx.xxx.xxx.xxx (www.yourdomain.com) | | Make sure your email servers are kept up to date with the latest service packs. |
| | | Low Risk Vulnerability - HTTP service enabled
xxx.xxx.xxx.xxx (www.yourdomain.com) | | Make sure all service packs and hotfixes have been installed for your web servers. |
|  | Discovery Information - SSL enabled (web server)
xxx.xxx.xxx.xxx (www.yourdomain.com) | | |
| | | Discovery Information - MySQL (open source database) running
xxx.xxx.xxx.xxx (www.yourdomain.com) | | |
| | | Discovery Information - Frontpage extensions enabled (web server)
xxx.xxx.xxx.xxx (www.yourdomain.com) | | |
| | | Discovery Information - Host machine is L/Unix based
xxx.xxx.xxx.xxx (www.yourdomain.com) | | |
|
| |
|
|
|
|
|
Network Map_ |
|
|
|
|
|
|  | xxx.xxx.xxx.xxx ( www.yourdomain.com
) | | Port | Service/Detail |   | 21 | File Transfer Protocol [Control]
| | | 220 FTP Service..
| | 80 | World Wide Web HTTP
| | | HTTP/1.1 200 OK..Date: Thu, 24 Jul 2003 01:04:43 GMT..Server: Rapidsite/Apa/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.12 O
| | 110 | Post Office Protocol - Version 3
| | | +OK POP3 [xxx.xxx.xxx.xxx] v2000.70 server ready..
| | 443 | https MCom
| | 554 | Real Time Stream Control Protocol
| | 8000 | iRDMI/Shoutcast Server |
| | xxx.xxx.xxx.xxx ( adsl-0-0-0-0.bellsouth.net
) | | Port | Service/Detail | | 1723 | pptp |
| |
|
|
|
|
|
DNS ISSUES_ |
|
|
|
|
|
 All nameservers did not respond
ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones that did not respond are:
xxx.xxx.xxx.xxx
Nameservers on same class C's
WARNING: All of your nameservers (listed at the parent nameservers) are in the same Class C address space, usually this means that they at the same physical location. Your nameservers should be at separate locations.
Only 1 MX Record Listed
WARNING: You only have 1 MX record. If your mail server goes down, there is a chance that mail may be lost.
Mail server name
WARNING: One or more of your mailservers claims to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name) mail-fwd.mail.net claims to be host mail07c.mail.net.
Domain literals
One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses.
|  |
|
|
|
|
|
Public Info_ |
|
|
|
|
|
| Tech's Note_ |
| |
The following information is openly available to the public. You should review
this information to ensure that there is no sensative information being released.
In addition, keep in mind that a hacker may use this information in an attempt to
persuade information from you. For example, by using this information an individual
may call you and say:
| |
"This is Mr. Smith with ABC hosting. We have reason to believe
that one of our password servers may have been compromised over the weekend so we are
contacting all of our customers to get a change of password. I'm showing that we are
hosting your somedomain.com site. May I have your current password for verication and
the new password you would like the account changed to."
|
|
If your employees aren't sharp, they may fall victim to what hackers call "Social Engineering".
|
|
Your Company, Inc. (YOURDOMAIN-DOM)
1234 Your St.
Suite 100
YOUR CITY, FL 90210
US
Domain Name: yourdomain.com
Administrative Contact:
Your Company, Inc. (947293865) email@yourdomain.com
1234 Your St.
Suite 100
YOUR CITY, FL 90210
US
905-555-0644 fax: 905-555-7712
Technical Contact:
Smith, Joe (HDL91) email@yourdomain.com
Your Company, Inc.
1234 Your St.
YOUR CITY, FL 90210-1234
US
(905) 555-4165 fax: (905) 555-1482
Record expires on 26-Jul-2001.
Record created on 10-May-2000.
Database last updated on 23-Jul-2001 21:45:26 EDT.
Domain servers in listed order:
NS1.DOMAINSERVER.NET xxx.xxx.xxx.xxx
NS2.DOMAINSERVER.NET xxx.xxx.xxx.xxx
OrgName: Company, Inc.
OrgID: ORID
Address: 1234 South Your Street
Address: Suite 200
City: Citytown
StateProv: CO
PostalCode: 90212
Country: US
ReferralServer: rwhois://rwhois.Company.net:4321/
NetRange: 0.0.0.0 - 0.0.255.255
CIDR: 0.0.0.0/16
NetName: ORID-208-055
NetHandle: NET-0-0-0-0-1
Parent: NET-0-0-0-0-0
NetType: Direct Allocation
NameServer: NS0.Company.NET
NameServer: NS1.Company.NET
NameServer: NS2.Company.NET
NameServer: NS3.Company.NET
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.Company.net port 4321
Comment: ********************************************
RegDate: 2001-01-05
Updated: 2003-07-10
TechHandle: VIA4-ORG-ARIN
TechName: Company, Inc.
TechPhone: +1-303-645-1900
TechEmail: email@Company.net
OrgAbuseHandle: VAC5-ARIN
OrgAbuseName: Company Abuse Contact
OrgAbusePhone: +1-800-555-6375
OrgAbuseEmail: abuse@Company.net
OrgNOCHandle: VSC-ARIN
OrgNOCName: Company Support Contact
OrgNOCPhone: +1-800-555-6375
OrgNOCEmail: support@Company.net
OrgTechHandle: VIA4-ORG-ARIN
OrgTechName: Company, Inc.
OrgTechPhone: +1-303-645-1900
OrgTechEmail: email@Company.net
# ARIN WHOIS database, last updated 2003-07-22 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
OrgName: Company, Inc.
OrgID: ORID
Address: 1234 South Your Street
Address: Suite 200
City: Citytown
StateProv: CO
PostalCode: 90212
Country: US
Comment:
RegDate: 1996-04-03
Updated: 2003-07-15
ReferralServer: rwhois://rwhois.Company.net:4321/
AbuseHandle: VAC5-ARIN
AbuseName: Company Abuse Contact
AbusePhone: +1-800-555-6375
AbuseEmail: abuse@Company.net
AdminHandle: VIA4-ORG-ARIN
AdminName: Company, Inc.
AdminPhone: +1-303-645-1900
AdminEmail: email@Company.net
NOCHandle: VSC-ARIN
NOCName: Company Support Contact
NOCPhone: +1-800-555-6375
NOCEmail: support@Company.net
TechHandle: VIA4-ORG-ARIN
TechName: Company, Inc.
TechPhone: +1-303-645-1900
TechEmail: email@Company.net
# ARIN WHOIS database, last updated 2003-07-22 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
|
| |
|
|
|
|
|
