Sono un amministratore IT e al momento cerco di proteggere la mia rete. Ho fatto un'analisi della sicurezza con OpenVAS su un computer, e ho difficoltà a sfruttare il risultato:
Vulnerability Detection Result
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this host:
Port: 49152/tcp
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49152]
Port: 49153/tcp
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: Event log TCPIP
UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: NRP server endpoint
UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: DHCPv6 Client LRPC Endpoint
UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: DHCP Client LRPC Endpoint
UUID: 06bba54a-be05-49f9-b0a0-30f790261023, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: Security Center
Port: 49154/tcp
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: IP Transition Configuration endpoint
UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: XactSrv service
UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo
UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo
UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo
UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo
Port: 49155/tcp
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49155]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access
Port: 49169/tcp
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.1.30[49169]
Port: 49177/tcp
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49177]
Annotation: Spooler function endpoint
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49177]
Annotation: Spooler base remote object endpoint
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49177]
Annotation: Spooler function endpoint
Solution : filter incoming traffic to this port(s).
Solution
filter incoming traffic to this port.
Vulnerability Detection Method
Details: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: $Revision: 41 $
- Come posso verificare tutti i servizi?
- Il computer è infetto da uno o più virus?