Services Report

internal.n-m.com. SOA alfred.internal.n-m.com. root.alfred.internal.n-m.com. internal.n-m.com. NS alfred.internal.n-m.com. internal.n-m.com. NS nmforce1.internal.n-m.com. alfred.internal.n-m.com. A 192.168.100.28 alphalab.internal.n-m.com. A 172.30.2.40 appserv.internal.n-m.com. A 192.168.160.5 auto1.internal.n-m.com. A 10.0.3.1 autoscan.internal.n-m.com. A 10.0.3.1 cvs.internal.n-m.com. A 192.168.125.72 devlab.internal.n-m.com. A 172.30.1.40 dk1-netman.internal.n-m.com. A 192.168.100.58 filur.internal.n-m.com. CNAME mercury.internal.n-m.com. firewall.internal.n-m.com. A 192.168.0.2 francedb.internal.n-m.com. A 192.168.208.14 gateway.internal.n-m.com. A 10.0.0.1 gateway-100.internal.n-m.com. A 192.168.100.1 gateway-120.internal.n-m.com. A 192.168.120.1 gateway-125.internal.n-m.com. A 192.168.125.1 gateway-150.internal.n-m.com. A 192.168.150.1 granta.internal.n-m.com. A 192.168.100.33 hp2000c.internal.n-m.com. A 10.0.0.53 hpjet.internal.n-m.com. A 10.0.0.50 hpsales.internal.n-m.com. A 10.0.0.51 inside-120.internal.n-m.com. A 192.168.120.2 inside-125.internal.n-m.com. A 192.168.125.2 inside-150.internal.n-m.com. A 192.168.150.2 intra.internal.n-m.com. A 192.168.125.71 intranet.internal.n-m.com. CNAME sun.internal.n-m.com. intranetdev.internal.n-m.com. A 192.168.160.7 intratest.internal.n-m.com. CNAME nmforce2web02.internal.n-m.com. it-cph.internal.n-m.com. A 192.168.100.31 it-support.internal.n-m.com. CNAME nmforce3web02.internal.n-m.com. lj8000dk.internal.n-m.com. A 10.0.0.52 luna.internal.n-m.com. A 192.168.100.27 mail.internal.n-m.com. CNAME mail.dmz.n-m.com. mail-cph.internal.n-m.com. CNAME mail-cph.dmz.n-m.com. mercury.internal.n-m.com. A 192.168.100.40 netman.internal.n-m.com. CNAME netman.dmz.n-m.com. netman-wc1.internal.n-m.com. CNAME netman-wc1.dmz.n-m.com. news.internal.n-m.com. CNAME alfred.internal.n-m.com. nm-exch-cph.internal.n-m.com. A 192.168.100.29 nm-ras-cph.internal.n-m.com. A 192.168.110.20 nm-terminal.internal.n-m.com. A 192.168.100.23 nm-vpn-cph.internal.n-m.com. A 192.168.105.20 nm-whats-up.internal.n-m.com. A 10.0.1.115 nmdict.internal.n-m.com. A 192.168.125.48 nmforce1.internal.n-m.com. A 192.168.100.20 nmforce2.internal.n-m.com. A 192.168.100.21 nmforce21.internal.n-m.com. A 192.168.160.3 nmforce23.internal.n-m.com. A 192.168.160.4 nmforce2web02.internal.n-m.com. A 10.0.1.151 nmforce2web03.internal.n-m.com. A 10.0.1.152 nmforce2web04.internal.n-m.com. A 10.0.1.153 nmforce2web05.internal.n-m.com. A 10.0.1.154 nmforce2web06.internal.n-m.com. A 10.0.1.155 nmforce3.internal.n-m.com. A 192.168.100.22 nmforce3web02.internal.n-m.com. A 10.0.1.156 nmforce3web03.internal.n-m.com. A 10.0.1.157 nmforce3web04.internal.n-m.com. A 10.0.1.158 nmforce3web05.internal.n-m.com. A 10.0.1.159 ns.internal.n-m.com. A 192.168.100.28 nstdb.internal.n-m.com. CNAME francedb.internal.n-m.com. ntp.internal.n-m.com. CNAME mail-cph.dmz.n-m.com. playlab.internal.n-m.com. A 172.30.1.41 pluto.internal.n-m.com. A 192.168.100.57 raiders.internal.n-m.com. A 192.168.160.6 rdadmin.internal.n-m.com. A 192.168.125.70 rdserver.internal.n-m.com. A 10.0.1.201 reportgen.internal.n-m.com. A 192.168.100.41 rob-fw-ext.internal.n-m.com. A 172.17.0.1 robert.internal.n-m.com. A 172.17.0.3 scdev.internal.n-m.com. A 10.0.3.1 securescan.internal.n-m.com. A 172.17.0.2 serouter.internal.n-m.com. A 10.0.0.40 sun.internal.n-m.com. A 192.168.100.65 supportdb.internal.n-m.com. A 172.17.0.50 swatch.internal.n-m.com. A 10.0.1.4 switch.internal.n-m.com. A 10.0.1.3 tatooine.internal.n-m.com. A 192.168.100.39 testlab.internal.n-m.com. A 172.30.0.40 trobert.internal.n-m.com. A 10.0.0.100 us1-mailgate.internal.n-m.com. CNAME us1-mailgate.dmz.n-m.com. usintranet.internal.n-m.com. CNAME intranetdev.internal.n-m.com. vig-service.internal.n-m.com. A 192.168.100.34 vigilante-dev.internal.n-m.com. A 192.168.160.8 vigilante-dev-nx.internal.n-m.com. CNAME vigilante-dev.internal.n-m.com. vigilante-dev-support.internal.n-m.com. CNAME vigilante-dev.internal.n-m.com. vigilantix.internal.n-m.com. A 10.0.1.121 w00dp3ck4z.internal.n-m.com. CNAME pluto.internal.n-m.com. web50.internal.n-m.com. A 192.168.125.50 web51.internal.n-m.com. A 192.168.125.51 web52.internal.n-m.com. A 192.168.125.52 web53.internal.n-m.com. A 192.168.125.53 web54.internal.n-m.com. A 192.168.125.54 web55.internal.n-m.com. A 192.168.125.55 web56.internal.n-m.com. A 192.168.125.56 web57.internal.n-m.com. A 192.168.125.57 web58.internal.n-m.com. A 192.168.125.58 web59.internal.n-m.com. A 192.168.125.59 web60.internal.n-m.com. A 192.168.125.60 web61.internal.n-m.com. A 192.168.125.61 web62.internal.n-m.com. A 192.168.125.62 web63.internal.n-m.com. A 192.168.125.63 web64.internal.n-m.com. A 192.168.125.64 web65.internal.n-m.com. A 192.168.125.65 web66.internal.n-m.com. A 192.168.125.66 web67.internal.n-m.com. A 192.168.125.67 web68.internal.n-m.com. A 192.168.125.68 web69.internal.n-m.com. A 192.168.125.69 webmail.internal.n-m.com. CNAME nm-exch-cph.internal.n-m.com. woodpeckers.internal.n-m.com. CNAME pluto.internal.n-m.com. www.internal.n-m.com. A 172.17.0.6 xserver.internal.n-m.com. A 192.168.125.10 internal.n-m.com. SOA alfred.internal.n-m.com. root.alfred.internal.n-m.com.

Date:	Sunday, March 10, 2002 16:21:01
User Name:	xxxxxxxxxxxxxxxxxxxxxx
Company:	xxxxxxxxxx
Session ID:	112
Session Name:	Test 1
Current Job ID:	131
Current Job Date:	March 10, 2002 4:19:31 PM

Services	Number of Vulnerabilities	go to Detail
discard (udp)	2
dns (tcp)	2
http (tcp)	12
imap (tcp)	1
NetBios Name (udp)	3
pop3 (tcp)	2
smtp (tcp)	3
Windows_TerminalServer4 (tcp)	1
wins (tcp)	1

	discard/udp Service is Running	A remote attacker can usea simple, open and not-very-useful network service named discard/UDP to eat the network bandwidth.
	NEW	Port: 9

	discard/udp Service is Running	A remote attacker can usea simple, open and not-very-useful network service named discard/UDP to eat the network bandwidth.
	NEW	Port: 9

	DNS Zone Transfer	An attacker can use the name-to-address mapping mechanism to gather sensitive information about the internal network topology.
	First Reported:March 10, 2002 3:45:31 PM	Port: 53
		Extended Info internal.n-m.com. SOA alfred.internal.n-m.com. root.alfred.internal.n-m.com. internal.n-m.com. NS alfred.internal.n-m.com. internal.n-m.com. NS nmforce1.internal.n-m.com. alfred.internal.n-m.com. A 192.168.100.28 alphalab.internal.n-m.com. A 172.30.2.40 appserv.internal.n-m.com. A 192.168.160.5 auto1.internal.n-m.com. A 10.0.3.1 autoscan.internal.n-m.com. A 10.0.3.1 cvs.internal.n-m.com. A 192.168.125.72 devlab.internal.n-m.com. A 172.30.1.40 dk1-netman.internal.n-m.com. A 192.168.100.58 filur.internal.n-m.com. CNAME mercury.internal.n-m.com. firewall.internal.n-m.com. A 192.168.0.2 francedb.internal.n-m.com. A 192.168.208.14 gateway.internal.n-m.com. A 10.0.0.1 gateway-100.internal.n-m.com. A 192.168.100.1 gateway-120.internal.n-m.com. A 192.168.120.1 gateway-125.internal.n-m.com. A 192.168.125.1 gateway-150.internal.n-m.com. A 192.168.150.1 granta.internal.n-m.com. A 192.168.100.33 hp2000c.internal.n-m.com. A 10.0.0.53 hpjet.internal.n-m.com. A 10.0.0.50 hpsales.internal.n-m.com. A 10.0.0.51 inside-120.internal.n-m.com. A 192.168.120.2 inside-125.internal.n-m.com. A 192.168.125.2 inside-150.internal.n-m.com. A 192.168.150.2 intra.internal.n-m.com. A 192.168.125.71 intranet.internal.n-m.com. CNAME sun.internal.n-m.com. intranetdev.internal.n-m.com. A 192.168.160.7 intratest.internal.n-m.com. CNAME nmforce2web02.internal.n-m.com. it-cph.internal.n-m.com. A 192.168.100.31 it-support.internal.n-m.com. CNAME nmforce3web02.internal.n-m.com. lj8000dk.internal.n-m.com. A 10.0.0.52 luna.internal.n-m.com. A 192.168.100.27 mail.internal.n-m.com. CNAME mail.dmz.n-m.com. mail-cph.internal.n-m.com. CNAME mail-cph.dmz.n-m.com. mercury.internal.n-m.com. A 192.168.100.40 netman.internal.n-m.com. CNAME netman.dmz.n-m.com. netman-wc1.internal.n-m.com. CNAME netman-wc1.dmz.n-m.com. news.internal.n-m.com. CNAME alfred.internal.n-m.com. nm-exch-cph.internal.n-m.com. A 192.168.100.29 nm-ras-cph.internal.n-m.com. A 192.168.110.20 nm-terminal.internal.n-m.com. A 192.168.100.23 nm-vpn-cph.internal.n-m.com. A 192.168.105.20 nm-whats-up.internal.n-m.com. A 10.0.1.115 nmdict.internal.n-m.com. A 192.168.125.48 nmforce1.internal.n-m.com. A 192.168.100.20 nmforce2.internal.n-m.com. A 192.168.100.21 nmforce21.internal.n-m.com. A 192.168.160.3 nmforce23.internal.n-m.com. A 192.168.160.4 nmforce2web02.internal.n-m.com. A 10.0.1.151 nmforce2web03.internal.n-m.com. A 10.0.1.152 nmforce2web04.internal.n-m.com. A 10.0.1.153 nmforce2web05.internal.n-m.com. A 10.0.1.154 nmforce2web06.internal.n-m.com. A 10.0.1.155 nmforce3.internal.n-m.com. A 192.168.100.22 nmforce3web02.internal.n-m.com. A 10.0.1.156 nmforce3web03.internal.n-m.com. A 10.0.1.157 nmforce3web04.internal.n-m.com. A 10.0.1.158 nmforce3web05.internal.n-m.com. A 10.0.1.159 ns.internal.n-m.com. A 192.168.100.28 nstdb.internal.n-m.com. CNAME francedb.internal.n-m.com. ntp.internal.n-m.com. CNAME mail-cph.dmz.n-m.com. playlab.internal.n-m.com. A 172.30.1.41 pluto.internal.n-m.com. A 192.168.100.57 raiders.internal.n-m.com. A 192.168.160.6 rdadmin.internal.n-m.com. A 192.168.125.70 rdserver.internal.n-m.com. A 10.0.1.201 reportgen.internal.n-m.com. A 192.168.100.41 rob-fw-ext.internal.n-m.com. A 172.17.0.1 robert.internal.n-m.com. A 172.17.0.3 scdev.internal.n-m.com. A 10.0.3.1 securescan.internal.n-m.com. A 172.17.0.2 serouter.internal.n-m.com. A 10.0.0.40 sun.internal.n-m.com. A 192.168.100.65 supportdb.internal.n-m.com. A 172.17.0.50 swatch.internal.n-m.com. A 10.0.1.4 switch.internal.n-m.com. A 10.0.1.3 tatooine.internal.n-m.com. A 192.168.100.39 testlab.internal.n-m.com. A 172.30.0.40 trobert.internal.n-m.com. A 10.0.0.100 us1-mailgate.internal.n-m.com. CNAME us1-mailgate.dmz.n-m.com. usintranet.internal.n-m.com. CNAME intranetdev.internal.n-m.com. vig-service.internal.n-m.com. A 192.168.100.34 vigilante-dev.internal.n-m.com. A 192.168.160.8 vigilante-dev-nx.internal.n-m.com. CNAME vigilante-dev.internal.n-m.com. vigilante-dev-support.internal.n-m.com. CNAME vigilante-dev.internal.n-m.com. vigilantix.internal.n-m.com. A 10.0.1.121 w00dp3ck4z.internal.n-m.com. CNAME pluto.internal.n-m.com. web50.internal.n-m.com. A 192.168.125.50 web51.internal.n-m.com. A 192.168.125.51 web52.internal.n-m.com. A 192.168.125.52 web53.internal.n-m.com. A 192.168.125.53 web54.internal.n-m.com. A 192.168.125.54 web55.internal.n-m.com. A 192.168.125.55 web56.internal.n-m.com. A 192.168.125.56 web57.internal.n-m.com. A 192.168.125.57 web58.internal.n-m.com. A 192.168.125.58 web59.internal.n-m.com. A 192.168.125.59 web60.internal.n-m.com. A 192.168.125.60 web61.internal.n-m.com. A 192.168.125.61 web62.internal.n-m.com. A 192.168.125.62 web63.internal.n-m.com. A 192.168.125.63 web64.internal.n-m.com. A 192.168.125.64 web65.internal.n-m.com. A 192.168.125.65 web66.internal.n-m.com. A 192.168.125.66 web67.internal.n-m.com. A 192.168.125.67 web68.internal.n-m.com. A 192.168.125.68 web69.internal.n-m.com. A 192.168.125.69 webmail.internal.n-m.com. CNAME nm-exch-cph.internal.n-m.com. woodpeckers.internal.n-m.com. CNAME pluto.internal.n-m.com. www.internal.n-m.com. A 172.17.0.6 xserver.internal.n-m.com. A 192.168.125.10 internal.n-m.com. SOA alfred.internal.n-m.com. root.alfred.internal.n-m.com.

	DNS Server Enabled	The system runs a name-to-address mapping server. Its security must be enforced.
	First Reported:March 10, 2002 3:45:31 PM	Port: 53

	HTTP Available Banner Exposure	An attacker can gather information about the Web server that is running, and use it to prepare a strong attack.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80
		Extended Info HTTP server version: dart webserver tool/1.0

	HTTP Directory Listing	The configuration of the Web server does not conform to a strict "need to know" policy, which means that outside users can access more information than they need.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80
		Extended Info /images directory is listable

	HTTP Available Banner Exposure	An attacker can gather information about the Web server that is running, and use it to prepare a strong attack.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80
		Extended Info HTTP server version: Apache/1.3.19 (Unix) (Red-Hat/Linux) PHP/4.0.6

	Red Hat Linux Apache Remote Username Enumeration Vulnerability	It is possible to know if a user exists on your host from the response returned by your web server.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80


	Apache Split-Logfile File Appending Vulnerability	An attacker can act arbitrarily on your webserver.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80

	Apache - HTTP Server is Outdated	The Web server running on the system is outdated. An update is recommended.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80


	Apache - HTTP Server is Outdated	The Web server running on the system is outdated. An update is recommended.
	First Reported:March 10, 2002 3:45:31 PM	Port: 443


	HTTP Available Banner Exposure	An attacker can gather information about the Web server that is running, and use it to prepare a strong attack.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80
		Extended Info HTTP server version: Apache/1.3.11 (Unix) mod_ssl/2.5.0 OpenSSL/0.9.4

	HTTP Available Banner Exposure	An attacker can gather information about the Web server that is running, and use it to prepare a strong attack.
	First Reported:March 10, 2002 3:45:31 PM	Port: 443
		Extended Info HTTP server version: Apache/1.3.11 (Unix) mod_ssl/2.5.0 OpenSSL/0.9.4

	Apache Split-Logfile File Appending Vulnerability	An attacker can act arbitrarily on your webserver.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80


	Apache Split-Logfile File Appending Vulnerability	An attacker can act arbitrarily on your webserver.
	First Reported:March 10, 2002 3:45:31 PM	Port: 443

	Microsoft IIS 4.0/5.0 Multiple Vulnerabilities	A remote attacker can use several meanings to compromise your web server.
	First Reported:March 10, 2002 3:45:31 PM	Port: 80

	IMAP Server Returns Information in Banner Vulnerability	The program used to give acess to users' mailboxes reveals information on the server version, which could be used to launch further attacks.
	First Reported:March 10, 2002 3:45:31 PM	Port: 143
		Extended Info * OK Microsoft Exchange IMAP4rev1 server version 5.5.2653.22 (nmforce21.internal.n-m.com) ready

	NetBIOS Names Retrieved	An attacker can gather information on a remote system.
	First Reported:March 10, 2002 3:45:31 PM	Port: 137
		Extended Info Names gathered: SPSERVER WORKGROUP SPSERVER WORKGROUP WORKGROUP ..__MSBROWSE__. MAC Address: 00-01-02-A3-B9-38

	POP3 Service Is Running Vulnerability	An unsecured network service named POP3 is running on the target system.
	First Reported:March 10, 2002 3:45:31 PM	Port: 110


	POP3 Server Returns Information in Banner Vulnerability	An attacker can gather information about the live operating system or the active POP3 application, to prepare a strong attack.
	First Reported:March 10, 2002 3:45:31 PM	Port: 110
		Extended Info +OK Microsoft Exchange POP3 server version 5.5.2653.22 ready

	SMTP Relay is Enabled Vulnerability	Mail server accepts and relays mail from unknown sources.
	First Reported:March 10, 2002 3:45:31 PM	Port: 25


	SMTP Forgery	When your SMTP server accepts any domain in the HELO command, it is possible for attackers to forge mail from your server.
	First Reported:March 10, 2002 3:45:31 PM	Port: 25
		Extended Info Server reply to HELO Fake_Domain: 250 OK

	SMTP Available Banner Vulnerability	An attacker can gather information about the operating system and the SMTP server type running on the remote host.
	First Reported:March 10, 2002 3:45:31 PM	Port: 25
		Extended Info 220 nmforce21.internal.n-m.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2650.21) ready

	Microsoft RDP DoS Vulnerability	By sending a particular sequence of packets to the port associated with RDP on an affected server, an attacker could cause the server to fail.
	First Reported:March 10, 2002 3:45:31 PM	Port: 3389

	WINS Fill Log	Bad network configuration allows an outside attacker to fill a log file.
	First Reported:March 10, 2002 3:45:31 PM	Port: 42