Paranoia Security Test
Moderators: Mods_senior, Security team
I ran a security TEST, but I have no idea why the answer came in English. I don't understand it at all, so I'm sending the link http://www.paranoia.cz/test/report/rid/43d224e181515580a500cdca2383c196/svc/60021
If someone would be so kind as to write me what it says, thank you in advance.
domain (53/tcp) status
status
Synopsis :
It is possible to obtain the version number of the remote DNS server.
Description :
The remote host is running BIND, an open-source DNS server. It is possible
to extract the version number of the remote installation by sending
a special DNS request for the text ’version.bind’ in the domain ’chaos’.
Solution :
It is possible to hide the version number of bind by using the ’version’
directive in the ’options’ section in named.conf
Risk factor : None
Plugin output:
The version of the remote BIND server is : 9.4.0b1
status
A DNS server is running on this port but it only
answers to UDP requests.
This means that TCP requests are blocked by a firewall.
This configuration is not RFC-compliant. Contrary to
common belief, TCP transport is not restricted to zone
transfers (AXFR) :
- answers bigger than 512 bytes are always transmitted
over TCP.
- for all other requests, UDP is only ’preferred’ for
performance reasons. i.e. RFC1035 (STD0013) does not forbid
a DNS client from issuing its queries directly over TCP.
** If you are sure that your DNS server will never return
** answers bigger than 512 bytes and that the client
** software prefers UDP (which is nearly certain), you may
** disregard this message.
Read RFC1035 (STD0013) for more information.
Risk factor : None
Synopsis :
Remote DNS server is vulnerable to Cache Snooping attacks.
Description :
The remote DNS server answers to queries for third party domains which do
not have the recursion bit set.
This may allow a remote attacker to determine which domains have recently
been resolved via this name server, and therefore which hosts have been
recently visited.
For instance, if an attacker was interested in whether your company utilizes
the online services of a particular financial institution, they would
be able to use this attack to build a statistical model regarding
company usage of aforementioned financial institution. Of course,
the attack can also be used to find B2B partners, web-surfing patterns,
external mail servers, and more...
For a much more detailed discussion of the potential risks of allowing
DNS cache information to be queried anonymously, please see:
http://community.sidestep.pt/~luis/DNS- ... ng_1.1.pdf
Risk factor : Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Synopsis :
The remote name server allows recursive queries to be performed
by the host running nessusd.
Description :
It is possible to query the remote name server for third party names.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as http://www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
If the host allows these recursive queries via UDP,
then the host can be used to ’bounce’ Denial of Service attacks
against another network or system.
See also :
http://www.cert.org/advisories/CA-1997-22.html
Solution :
Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
’allow-recursion’ in the ’options’ section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses
using the ’acl’ command
Then, within the options block, you can explicitly state:
’allow-recursion { hosts_defined_in_acl }’
For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf
If you are using another name server, consult its documentation.
Risk factor : Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:N/A:N/I:P/B:I)
CVE :
http://www.cve.mitre.org/cgi-bin/cvenam ... -1999-0024
BID :
http://www.securityfocus.com/bid/136
http://www.securityfocus.com/bid/678
This is what it wrote to me.
But this ???
Other tests: http://www.test.bezpecnosti.cz/
http://security.symantec.com/sscv6/defa ... &venid=sym
http://scan.sygate.com/
Zdeněk, I can't advise you on configuring network components (DNS servers, BIND), but for a start try looking in My Computer/Properties/Remote to see whether either of the options Allow invitations to be sent ... or Allow remote users to connect ... is checked. Both of them should be unchecked.
Do you know the rules?
Tips and tricks in Windows XP
Guides: HijackThis, MWAV, CCleaner (THX to mijaja)
Post the problems you want solved here in the forum. Do not send them by email or ICQ!



