[AsteriskBrasil] Security, iptables, valid IP on the server, server in the DMZ...

Eliel Oliveira slayer.r0x at gmail.com
Thursday October 8 15:00:07 BRT 2009


Report for 72.55.148.11

Port 6669
Reported by NVT "Trojan horses" (1.3.6.1.4.1.25623.1.0.11157):

An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
 Host Control
 Vampire

Unless you know for sure what is behind it, you'd better
check your system

*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)

Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low

Port 111
The RPC portmapper is running on this port.

An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.

Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205

Port 22
Reported by NVT "SSH Server type and version" (1.3.6.1.4.1.25623.1.0.10267):

Remote SSH version : SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110


====================================================================
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

An ssh server is running on this port

Port 25
smtpscan was not able to reliably identify this server. It might be:
Qmail 1.0.3
The fingerprint differs from these known signatures on 1 point(s)

If you known precisely what it is, please send this fingerprint
to smtp-signatures at nessus.org :
:250:250:250:250:250:553:553:214:252:502:502:502:502:250:250

====================================================================
Reported by NVT "SMTP Server type and version"
(1.3.6.1.4.1.25623.1.0.10263):

Remote SMTP server banner :
220 mail.thewebsilo.com ESMTP SPF1



This is probably: Qmail

====================================================================
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

An SMTP server is running on this port
Here is its banner :
220 mail.thewebsilo.com ESMTP SPF1

====================================================================
Reported by NVT "Identifies services like FTP, SMTP, NNTP..."
(1.3.6.1.4.1.25623.1.0.14773):

A SMTP server is running on this port

Port 995
A pop3 server is running on this port

====================================================================
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

A TLSv1 server answered on this port

Port 6667
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
 Dark FTP
 EGO
 Maniac rootkit
 Moses
 ScheduleAgent
 SubSeven
 Subseven 2.1.4 DefCon 8
 The Thing (modified)
 Trinity
 WinSatan

Here is the service banner:
:irc.thewebsilo.com NOTICE AUTH :*** Looking up your hostname...


Unless you know for sure what is behind it, you'd better
check your system

*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)

Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low

====================================================================
Reported by NVT "Unknown services banners" (1.3.6.1.4.1.25623.1.0.11154):

An unknown server is running on this port.

Port 6668
An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
0x00:  3A 69 72 63 2E 74 68 65 77 65 62 73 69 6C 6F 2E    :irc.thewebsilo.
0x10:  63 6F 6D 20 4E 4F 54 49 43 45 20 41 55 54 48 20    com NOTICE AUTH
0x20:  3A 2A 2A 2A 20 4C 6F 6F 6B 69 6E 67 20 75 70 20    :*** Looking up
0x30:  79 6F 75 72 20 68 6F 73 74 6E 61 6D 65 2E 2E 2E    your hostname...
0x40:  0D 0A                                              ..

Port 9993
The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP
ready. Copyright 1998-2008 Double Precision, Inc.  See COPYING for
distribution information.
Versions and types should be omitted where possible.
Change the imap banner to something generic.

====================================================================
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

An IMAP server is running on this port through SSL

====================================================================
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

A TLSv1 server answered on this port

Port 143
The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready.
Copyright 1998-2008 Double Precision, Inc.  See COPYING for distribution
information.
Versions and types should be omitted where possible.
Change the imap banner to something generic.

====================================================================
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

An IMAP server is running on this port

Port 113
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

An identd server is running on this port


General UDP
Reported by NVT "Traceroute" (1.3.6.1.4.1.25623.1.0.10287):

For your information, here is the traceroute to 72.55.148.11 :

Port 21
Remote FTP server banner :
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------

====================================================================
Reported by NVT "Services" (1.3.6.1.4.1.25623.1.0.10330):

An FTP server is running on this port.
Here is its banner :
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------

====================================================================
Reported by NVT "Identifies services like FTP, SMTP, NNTP..."
(1.3.6.1.4.1.25623.1.0.14773):

A SMTP server is running on this port

Port 53
Reported by NVT "DNS Server Detection" (1.3.6.1.4.1.25623.1.0.11002):


A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low



WHAT A SPAGHETTI MESS OF SERVICES


=p