May 29, 2004

Scanning 192.168.128.193-203 ports

Legend for symbols used in test results

Danger. Item has known security problems. Investigate and fix ASAP.
Warning. Item has potential security problems such as clear text passwords, error prone configurations or giving away important information about your system. Be aware of these.
Ok. Item has no known security problems. However, if you don't need it, disable it just in case. It's impossible to predict if someone might discover a security hole in this item in the future or not.
Trojan. Item is a Trojan Horse. Remove it NOW.
This is a standard, documented port, but we have no specific information on this item. Since it is a standard port, it likely belongs here but that is no guarantee. We get alerted to these items in the scans and we investigate them. You can re-scan in a few days and we might have some more information for you.
Very suspicious unknown port! Our extensive records show no known service that runs on this port. Either you have run a standard service on a non-standard port, or there is some monkey business afoot on your machine.

 

Scan Results for IP Address 192.168.128.193
Port | Service | Contents | Description
23/tcp | telnet | Linux telnetd | Protocols like telnet which send their passwords unencrypted are getting more and more dangerous. Anywhere along the data path, data traffic can be watched and passwords easily stolen. Known Security Problems
Hacker Can See:
Trying 192.168.128.193...
Connected to 192.168.128.193.
Escape character is '^]'.
25/tcp | smtp | Sendmail 8.12.5/8.12.5 | Sendmail has its share of security problems but if you have it running, you probably need it and can't just shut it off. The business membership has an additional, in-depth scan for SMTP servers. Fixing Your E-Mail server to prevent relaying. Known Security Problems
Hacker Can See:
SMTP Whacker copyright (c) 2004 by Wallyware, Inc

Attempting to contact SMTP (E-Mail) Server at 192.168.128.193...

(250)wallyware.net Hello bdsl.192.168.128.203.gte.net [192.168.128.203], pleased to meet you
ENHANCEDSTATUSCODES
PIPELINING
8BITMIME
SIZE
DSN
ETRN
DELIVERBY
HELP

Checking VRFY command...
VRFY root
(252) 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
*SAFE*. Your SMTP server is NOT permitting the VRFY command.

Checking EXPN command...
EXPN root
(502) 5.7.0 Sorry, we do not allow this operation
*SAFE*. Your SMTP server is NOT permitting the EXPN command.

------------------------------------
TEST: Checking normal relaying capability...

MAIL FROM: smtp-test@HackerWhacker.com
(250) 2.1.0 ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) 5.1.1 ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Checking sneaky <"spammer@relay.bug"> ...

MAIL FROM: smtp-test@HackerWhacker.com
(250) 2.1.0 ... Sender ok
RCPT TO: <"smtp-test@HackerWhacker.com">
(550) 5.1.1 <"smtp-test@HackerWhacker.com">... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@
(553) 5.1.3 ... Hostname required
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@[192.168.128.193]
(250) 2.1.0 ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) 5.1.1 ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

For Information on how to secure your email server: Securing your E-Mail Server

53/tcp | domain | ISC Bind 9.2.1 | Known Security Problems
79/tcp | finger | Linux fingerd | It should be no one's business who is on your computer. Known Security Problems
Hacker Can See:
Login     Name       Tty      Idle  Login Time   Office     Office Phone
root      root       pts/2   13:41  May 28 15:53
root      root       pts/3   13:38  May 28 15:53
root      root       pts/4   13:41  May 28 15:53
root      root       pts/5   13:41  May 28 15:53
root      root       pts/6   13:41  May 28 15:53
root      root       pts/7   13:28  May 28 15:53
root      root       pts/8   13:41  May 28 15:53
root      root       pts/9    4:31  May 28 15:53
root      root       pts/10  13:41  May 28 15:53
root      root       pts/11  13:41  May 28 15:53
root      root       pts/12  13:41  May 28 15:53
root      root       pts/13  11:24  May 28 15:53
root      root       pts/14  11:25  May 28 16:04
root      root       pts/15   6:31  May 28 16:05
root      root       pts/16  11:30  May 28 17:49
root      root       pts/17     52  May 28 17:53
root      root       pts/18  11:24  May 28 18:10
root      root       pts/19   6:31  May 28 18:11
root      root       pts/20   6:37  May 28 22:57
root      root       pts/21         May 29 04:37
root      root       pts/1   12:41  May 28 15:53 (192.168.1.251)
root      root       pts/0      44  May 28 15:53
109/tcp | pop2 | UW POP2 server 2001.63rh | Known Security Problems
Hacker Can See:
+ POP2 bdsl.192.168.128.193.gte.net v2001.63rh server ready
110/tcp | pop3 | UW Imap pop3 server 2001.78rh | POP3 should not be accessible over the Internet. Users who log in are sending their names and passwords unencrypted and these items can be "sniffed" by anyone who has access to the data channel anywhere along the route the information travels. Often, shutting it off is not an option since your customers need it. A compromise is to make sure that any account accessing POP3 mail does not have any higher privileges such as the ability to log in or connect to file shares. That way, if the password is compromised, only the user's email is endangered and not the entire machine. Known Security Problems
Hacker Can See:
+OK POP3 bdsl.192.168.128.193.gte.net v2001.78rh server ready
111/tcp | rpcbind | 2 (rpc #100000) | Known Security Problems
143/tcp | imap | UW imapd 2001.315rh | Known Security Problems
873/tcp | rsync | (protocol version 26) | Known Security Problems
993/tcp | ssl | OpenSSL | Known Security Problems
995/tcp | ssl | OpenSSL | Known Security Problems
10000/tcp | http | Webmin httpd | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
DBI connect('host=192.168.128.194','root',...) failed: Host 'bdsl.192.168.128.203.gte.net' is blocked because of many connection errors. Unblock with 'mysqladmin flush-hosts' at /HackerWhacker/tools/sql/sql.pl line 81 Could not connect at /HackerWhacker/tools/sql/sql.pl line 81.
Scan Results for IP Address 192.168.128.194
Port | Service | Contents | Description
21/tcp | ftp | WU-FTPD wu-2.5.0 | FTP has a history of security holes. This test checks for anonymous logins which FTP usually has by default. Known Security Problems
Hacker Can See:
22/tcp | ssh | OpenSSH 3.0.1p1 (protocol 1.99) | Known Security Problems
Hacker Can See:
SSH-1.99-OpenSSH_3.0.1p1
23/tcp | telnet | Linux telnetd | Protocols like telnet which send their passwords unencrypted are getting more and more dangerous. Anywhere along the data path, data traffic can be watched and passwords easily stolen. Known Security Problems
Hacker Can See:
Trying 192.168.128.194...
Connected to 192.168.128.194.
Escape character is '^]'.
25/tcp | smtp | Sendmail 8.9.3/8.9.3 | Sendmail has its share of security problems but if you have it running, you probably need it and can't just shut it off. The business membership has an additional, in-depth scan for SMTP servers. Fixing Your E-Mail server to prevent relaying. Known Security Problems
Hacker Can See:
SMTP Whacker copyright (c) 2004 by Wallyware, Inc

Attempting to contact SMTP (E-Mail) Server at 192.168.128.194...

(250)mail.aeqvitas.com Hello bdsl.192.168.128.203.gte.net [192.168.128.203], pleased to meet you
EXPN
VERB
8BITMIME
SIZE
DSN
ONEX
ETRN
XUSR
HELP

Checking VRFY command...
VRFY root
(250) root 
*UNSAFE*. Your SMTP server is permitting the VRFY command which reveals names.

Checking EXPN command...
EXPN root
(250) root 
*UNSAFE*. Your SMTP server is permitting the EXPN command which reveals names

------------------------------------
TEST: Checking normal relaying capability...

MAIL FROM: smtp-test@HackerWhacker.com
(250) ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Checking sneaky <"spammer@relay.bug"> ...

MAIL FROM: smtp-test@HackerWhacker.com
(250) ... Sender ok
RCPT TO: <"smtp-test@HackerWhacker.com">
(550) <"smtp-test@HackerWhacker.com">... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@
(553) ... Domain name required
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@[192.168.128.194]
(250) ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

For Information on how to secure your email server: Securing your E-Mail Server

53/tcp | domain | ISC Bind 9.0.0 | Known Security Problems
79/tcp | finger | BSD/Linux fingerd | It should be no one's business who is on your computer. Known Security Problems
Hacker Can See:
Login     Name       Tty   Idle  Login Time   Office     Office Phone
root      root       1     135d  Dec 30 15:51
root      root       /0    6:39  May 28 22:04 (bdsl.192.168.128.193.gte.net)
80/tcp | http | Apache httpd 1.3.6 ((Unix) (Red Hat/Linux) PHP/3.0.12) | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
98/tcp | linuxconf | Linuxconf (Access denied) | Make sure no data is exposed here. Known Security Problems
Hacker Can See:
500 access denied: Check networking/linuxconf network access
111/tcp | rpcbind | 2 (rpc #100000) | Known Security Problems
113/tcp | ident | OpenBSD identd | Known Security Problems
515/tcp | printer | lpd (error: : Malformed from address) | Known Security Problems
3306/tcp | mysql | MySQL (blocked - too many connection errors) | A popular database. Unless you want people poking around in your databases you should close this. Known Security Problems
4000/tcp | http | Apache httpd 1.3.6 ((Unix) (Red Hat/Linux) PHP/3.0.12) | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
10000/tcp | http | Webmin httpd | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
Scan Results for IP Address 192.168.128.195
Port | Service | Contents | Description
22/tcp | ssh | OpenSSH 3.4p1 (protocol 1.99) | Known Security Problems
Hacker Can See:
SSH-1.99-OpenSSH_3.4p1
53/tcp | domain | ISC Bind 9.2.1 | Known Security Problems
80/tcp | http | Apache httpd 2.0.40 ((Red Hat Linux)) | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
111/tcp | rpcbind | 2 (rpc #100000) | Known Security Problems
443/tcp | ssl | OpenSSL | Known Security Problems
1024/tcp | status | 1 (rpc #100024) | Known Security Problems
4000/tcp | http | Apache httpd 2.0.40 ((Red Hat Linux)) | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
10000/tcp | http | Webmin httpd | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
Scan Results for IP Address 192.168.128.196
Port | Service | Contents | Description
23/tcp | telnet | Linux telnetd | Protocols like telnet which send their passwords unencrypted are getting more and more dangerous. Anywhere along the data path, data traffic can be watched and passwords easily stolen. Known Security Problems
Hacker Can See:
Trying 192.168.128.196...
Connected to 192.168.128.196.
Escape character is '^]'.
25/tcp | smtp | Sendmail 8.12.5/8.12.5 | Sendmail has its share of security problems but if you have it running, you probably need it and can't just shut it off. The business membership has an additional, in-depth scan for SMTP servers. Fixing Your E-Mail server to prevent relaying. Known Security Problems
Hacker Can See:
SMTP Whacker copyright (c) 2004 by Wallyware, Inc

Attempting to contact SMTP (E-Mail) Server at 192.168.128.196...

(250)wallyware.net Hello bdsl.192.168.128.203.gte.net [192.168.128.203], pleased to meet you
ENHANCEDSTATUSCODES
PIPELINING
8BITMIME
SIZE
DSN
ETRN
DELIVERBY
HELP

Checking VRFY command...
VRFY root
(252) 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
*SAFE*. Your SMTP server is NOT permitting the VRFY command.

Checking EXPN command...
EXPN root
(502) 5.7.0 Sorry, we do not allow this operation
*SAFE*. Your SMTP server is NOT permitting the EXPN command.

------------------------------------
TEST: Checking normal relaying capability...

MAIL FROM: smtp-test@HackerWhacker.com
(250) 2.1.0 ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) 5.1.1 ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Checking sneaky <"spammer@relay.bug"> ...

MAIL FROM: smtp-test@HackerWhacker.com
(250) 2.1.0 ... Sender ok
RCPT TO: <"smtp-test@HackerWhacker.com">
(550) 5.1.1 <"smtp-test@HackerWhacker.com">... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@
(553) 5.1.3 ... Hostname required
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@[192.168.128.196]
(250) 2.1.0 ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) 5.1.1 ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

For Information on how to secure your email server: Securing your E-Mail Server

53/tcp | domain | ISC Bind 9.2.1 | Known Security Problems
79/tcp | finger | Linux fingerd | It should be no one's business who is on your computer. Known Security Problems
Hacker Can See:
Login     Name       Tty      Idle  Login Time   Office     Office Phone
root      root       pts/2   13:45  May 28 15:53
root      root       pts/3   13:42  May 28 15:53
root      root       pts/4   13:45  May 28 15:53
root      root       pts/5   13:45  May 28 15:53
root      root       pts/6   13:45  May 28 15:53
root      root       pts/7   13:32  May 28 15:53
root      root       pts/8   13:45  May 28 15:53
root      root       pts/9    4:36  May 28 15:53
root      root       pts/10  13:45  May 28 15:53
root      root       pts/11  13:45  May 28 15:53
root      root       pts/12  13:45  May 28 15:53
root      root       pts/13  11:29  May 28 15:53
root      root       pts/14  11:29  May 28 16:04
root      root       pts/15   6:35  May 28 16:05
root      root       pts/16  11:34  May 28 17:49
root      root       pts/17     56  May 28 17:53
root      root       pts/18  11:28  May 28 18:10
root      root       pts/19   6:35  May 28 18:11
root      root       pts/20   6:41  May 28 22:57
root      root       pts/21      4  May 29 04:37
root      root       pts/1   12:46  May 28 15:53 (192.168.1.251)
root      root       pts/0       3  May 28 15:53
109/tcp | pop2 | UW POP2 server 2001.63rh | Known Security Problems
Hacker Can See:
+ POP2 bdsl.192.168.128.196.gte.net v2001.63rh server ready
110/tcp | pop3 | UW Imap pop3 server 2001.78rh | POP3 should not be accessible over the Internet. Users who log in are sending their names and passwords unencrypted and these items can be "sniffed" by anyone who has access to the data channel anywhere along the route the information travels. Often, shutting it off is not an option since your customers need it. A compromise is to make sure that any account accessing POP3 mail does not have any higher privileges such as the ability to log in or connect to file shares. That way, if the password is compromised, only the user's email is endangered and not the entire machine. Known Security Problems
Hacker Can See:
+OK POP3 bdsl.192.168.128.196.gte.net v2001.78rh server ready
143/tcp | imap | UW imapd 2001.315rh | Known Security Problems
873/tcp | rsync | (protocol version 26) | Known Security Problems
993/tcp | ssl | OpenSSL | Known Security Problems
995/tcp | ssl | OpenSSL | Known Security Problems
10000/tcp | http | Webmin httpd | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
Scan Results for IP Address 192.168.128.199
Port | Service | Contents | Description
nc: invalid option -- T nc -h for help
Scan Results for IP Address 192.168.128.203
Port | Service | Contents | Description
21/tcp | ftp | vsFTPd 1.2.1 | FTP has a history of security holes. This test checks for anonymous logins which FTP usually has by default. Known Security Problems
Hacker Can See:
25/tcp | smtp | Sendmail 8.12.11/8.12.11 | Sendmail has its share of security problems but if you have it running, you probably need it and can't just shut it off. The business membership has an additional, in-depth scan for SMTP servers. Fixing Your E-Mail server to prevent relaying. Known Security Problems
Hacker Can See:
SMTP Whacker copyright (c) 2004 by Wallyware, Inc

Attempting to contact SMTP (E-Mail) Server at 192.168.128.203...

(250)localhost.localdomain Hello bdsl.192.168.128.203.gte.net [192.168.128.203], pleased to meet you
ENHANCEDSTATUSCODES
PIPELINING
8BITMIME
SIZE
DSN
ETRN
AUTH GSSAPI DIGEST-MD5 CRAM-MD5
DELIVERBY
HELP

Checking VRFY command...
VRFY root
(252) 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
*SAFE*. Your SMTP server is NOT permitting the VRFY command.

Checking EXPN command...
EXPN root
(502) 5.7.0 Sorry, we do not allow this operation
*SAFE*. Your SMTP server is NOT permitting the EXPN command.

------------------------------------
TEST: Checking normal relaying capability...

MAIL FROM: smtp-test@HackerWhacker.com
(250) 2.1.0 ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) 5.1.1 ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Checking sneaky <"spammer@relay.bug"> ...

MAIL FROM: smtp-test@HackerWhacker.com
(250) 2.1.0 ... Sender ok
RCPT TO: <"smtp-test@HackerWhacker.com">
(550) 5.1.1 <"smtp-test@HackerWhacker.com">... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@
(553) 5.1.3 ... Hostname required
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

------------------------------------
TEST: Using local source...

MAIL FROM: smtp-test@[192.168.128.203]
(250) 2.1.0 ... Sender ok
RCPT TO: smtp-test@HackerWhacker.com
(550) 5.1.1 ... User unknown
*SAFE*. Your SMTP server is NOT permitting relaying using this method.

For Information on how to secure your email server: Securing your E-Mail Server

53/tcp | domain | ISC Bind 9.2.3 | Known Security Problems
80/tcp | http | Apache httpd 2.0.49 ((Fedora)) | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
443/tcp | ssl | OpenSSL | Known Security Problems
1241/tcp | ssl | Nessus security scanner | Known Security Problems
3306/tcp | mysql | MySQL (unauthorized) | This service has a valid use, though it's fast becoming obsolete. A negative use of the service is that anyone can tell which user on a machine is using which port. This way, a hacker can tell if your web server or sendmail server are running as root which makes them a much more valuable target. Known Security Problems
10000/tcp | http | Webmin httpd | HTTP has so many potential problems that it is the subject of another entire scan. Most of these problems are related to CGI, the Common Gateway Interface. Right here we are just displaying your /, or default page. Often this is left unprotected so that people see the actual file list of your document root instead of the default web page. Start here for a good education in Web Server Security: The World Wide Web Security FAQ. Known Security Problems
Hacker Can See:
32770/tcp | status | 1 (rpc #100024) | Known Security Problems