[4eyes] FW: [COMS #28759] [UCSB-OIT #173599] Vulnerabilities Found on 128.111.68.209

Matthew Turk mturk at cs.ucsb.edu
Wed Oct 21 18:15:57 PDT 2009 

Everyone please see the email below from campus IT (and CS support). Whose
machine is this?

 

            Matthew

 

From: Andreas Boschke [mailto:andreas at cs.ucsb.edu] 
Sent: Tuesday, October 20, 2009 1:31 PM
To: Tobias Hollerer; Matthew Turk
Subject: FWD: [COMS #28759] [UCSB-OIT #173599] Vulnerabilities Found on
128.111.68.209 

 

Hi Tobias and Matthew:

 

Would you please forward this to the administrator of 128.111.68.209 and ask
them to tighten the security policy? 

It seem this IP is consistently going to Ethernet MAC:
00:1a:a0:87:be:04 (531s) 

 

Thanks, 

 

-Andreas

 

=

On Tue Oct 20 08:51:36 2009, vsc at oit.ucsb.edu wrote:

> Greetings:

> 

> Our vulnerability scanner has found vulnerable hosts on your network.

> I highly recommend taking the recommended actions mentioned in this

> report in order to reduce the chances of this host becoming compromised.

> If you believe any part of this report to be false, please let me know

> so that we can work to improve our reporting accuracy.

> 

> Here are the relevant parts of the report:

> ----------------------------------------

> IP Address: 128.111.68.209

> Scanned on Oct  5, 2009 at 17:26

> ----------------------------------------

> Nessus Plugin ID: 26919

> Port Info: microsoft-ds (445/tcp)

> 

> Synopsis :

> 

> It is possible to log into the remote host. 

> 

> Description :

> 

> The remote host is running one of the Microsoft Windows operating

> systems.  It was possible to log into it as a guest user using a 

> random account.

> 

> 

> Solution :

> 

> In the group policy change the setting for 

> 'Network access: Sharing and security model for local accounts' from

> 'Guest only - local users authenticate as Guest' to

> 'Classic - local users authenticate as themselves'.

> 

> Risk factor :

> 

> Medium / CVSS Base Score : 5.0

> (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

> 

> CVE : CVE-1999-0505

=

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cs.ucsb.edu/pipermail/ilab-users/attachments/20091021/5a79ceae/attachment-0001.html>

More information about the Ilab-users mailing list