sign in sign up
<<
Home , At (command)

SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

TENABLE NETWORK SECURITY, INC. Active Connections

April 29, 2012 at 2:11pm CDT Dave Breslin [dbreslin3]

Confidential: The following report contains confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination. Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

Table of Contents

Netstat Connections - 192.168.1.4 ...... 1 10.100.15.5 ...... 2 10.100.15.8 ...... 4 10.100.20.3 ...... 6 10.100.20.25 ...... 8 10.100.20.27 ...... 10 10.100.20.28 ...... 12 10.100.20.40 ...... 14 10.100.30.23 ...... 16 10.100.30.34 ...... 17

Table of Contents

Tenable Network Security i Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

Netstat Connections - 192.168.1.4

Host Count for Last 5 Days

Current Count by Subnet

IP Address Total 10.100.30.0/24 2 10.100.20.0/24 5 10.100.15.0/24 2

Netstat Connections - 192.168.1.4

Tenable Network Security 1 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.15.5

NetBIOS Name: UNKNOWN\MAC0014 Crit.: 0 High: 1 Med.: 1 Low: 0 MAC Address: 60:c5:47:22:2e:1a DNS Name: mac0014.itsdept.com Last Scan: Apr 29, 2012 @ 1:37PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' .

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk : None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output : Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 44 10.100.15.5.22 10.0.0.61.50001 ESTABLISHED tcp4 0 0 10.100.15.5.49438 192.168.1.4.445 ESTABLISHED tcp4 0 0 10.100.15.5.49428 17.149.36.178.5223 ESTABLISHED tcp4 0 0 *.22 *.* LISTEN tcp6 0 0 *.22 *.* LISTEN tcp4 0 0 127.0.0.1.631 *.* LISTEN tcp6 0 0 ::1.631 *.* LISTEN udp4 0 0 10.100.15.5.123 *.* udp6 0 0 *.56597 *.* udp4 0 0 *.56597 *.* udp6 0 0 *.60190 *.* udp4 0 0 *.60190 *.* udp6 0 0 *.63881 *.* udp4 0 0 *.63881 *.* udp6 0 0 *.57959 *.* udp4 0 0 *.57959 *.* udp6 0 0 *.60482 *.* udp4 0 0 *.60482 *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.*

Netstat Connections - 192.168.1.4

Tenable Network Security 2 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

udp6 0 0 fe80::62c5:47ff:.123 *.* udp6 0 0 ::1.123 *.* udp4 0 0 127.0.0.1.123 *.* udp6 0 0 fe80::1%lo0.123 *.* udp6 0 0 *.123 *.* udp4 0 0 *.123 *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp6 0 0 *.5353 *.* udp4 0 0 *.5353 *.* udp4 0 0 *.* *.* udp46 0 0 *.* *.* udp4 0 0 *.138 *.* udp4 0 0 *.137 *.* icm6 0 0 *.* *.*

Netstat Connections - 192.168.1.4

Tenable Network Security 3 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.15.8

NetBIOS Name: UNKNOWN\MAC0007 Crit.: 0 High: 14 Med.: 2 Low: 0 MAC Address: 60:c5:47:22:a2:08 DNS Name: mac0007.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output : Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 44 10.100.15.8.22 10.0.0.61.55874 ESTABLISHED tcp4 0 0 10.100.15.8.49194 192.168.1.4.445 ESTABLISHED tcp4 0 0 10.100.15.8.49188 10.0.0.95.445 ESTABLISHED tcp4 0 0 10.100.15.8.49178 192.168.1.4.445 ESTABLISHED tcp4 0 0 10.100.15.8.49155 17.172.232.201.5223 ESTABLISHED tcp6 0 0 *.3689 *.* LISTEN tcp4 0 0 *.3689 *.* LISTEN tcp4 0 0 *.22 *.* LISTEN tcp6 0 0 *.22 *.* LISTEN tcp4 0 0 127.0.0.1.631 *.* LISTEN tcp6 0 0 ::1.631 *.* LISTEN udp6 0 0 *.52818 *.* udp4 0 0 *.52818 *.* udp6 0 0 *.57051 *.* udp4 0 0 *.57051 *.* udp6 0 0 *.55799 *.* udp4 0 0 *.55799 *.* udp6 0 0 *.61325 *.* udp4 0 0 *.61325 *.* udp6 0 0 *.62779 *.* udp4 0 0 *.62779 *.*

Netstat Connections - 192.168.1.4

Tenable Network Security 4 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 10.100.15.8.123 *.* udp6 0 0 fe80::62c5:47ff:.123 *.* udp6 0 0 ::1.123 *.* udp4 0 0 127.0.0.1.123 *.* udp6 0 0 fe80::1%lo0.123 *.* udp6 0 0 *.123 *.* udp4 0 0 *.123 *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp46 0 0 *.* *.* udp6 0 0 *.5353 *.* udp4 0 0 *.5353 *.* udp4 0 0 *.138 *.* udp4 0 0 *.137 *.* icm6 0 0 *.* *.*

Netstat Connections - 192.168.1.4

Tenable Network Security 5 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.20.3

NetBIOS Name: ITSDEPT\DT0020 Crit.: 9 High: 163 Med.: 43 Low: 2 MAC Address: 52:54:00:ab:3e:bb DNS Name: dt0020.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output :

Active Connections

Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 764 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1059 0.0.0.0:0 LISTENING 832 TCP 0.0.0.0:1241 0.0.0.0:0 LISTENING 944 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 720 TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 1384 TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1384 TCP 0.0.0.0:8834 0.0.0.0:0 LISTENING 944 TCP 10.100.20.3:135 10.0.0.61:37546 ESTABLISHED 764 TCP 10.100.20.3:139 0.0.0.0:0 LISTENING 4 TCP 10.100.20.3:445 10.0.0.61:60142 ESTABLISHED 4 TCP 10.100.20.3:1059 10.0.0.61:60846 ESTABLISHED 832 TCP 10.100.20.3:3396 192.168.1.4:445 ESTABLISHED 4 TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 1644 UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 544 UDP 0.0.0.0:1063 *:* 900 UDP 0.0.0.0:1070 *:* 900 UDP 0.0.0.0:1119 *:* 900

Netstat Connections - 192.168.1.4

Tenable Network Security 6 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

UDP 0.0.0.0:4500 *:* 544 UDP 10.100.20.3:123 *:* 832 UDP 10.100.20.3:137 *:* 4 UDP 10.100.20.3:138 *:* 4 UDP 10.100.20.3:1900 *:* 964 UDP 127.0.0.1:123 *:* 832 UDP 127.0.0.1:1900 *:* 964

Netstat Connections - 192.168.1.4

Tenable Network Security 7 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.20.25

NetBIOS Name: ITSDEPT\DT0030 Crit.: 8 High: 130 Med.: 41 Low: 2 MAC Address: 52:54:00:10:c1:5b DNS Name: dt0030.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output :

Active Connections

Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 768 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1086 0.0.0.0:0 LISTENING 836 TCP 0.0.0.0:1241 0.0.0.0:0 LISTENING 1500 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 964 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 724 TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 1476 TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1476 TCP 0.0.0.0:8834 0.0.0.0:0 LISTENING 1500 TCP 10.100.20.25:135 10.0.0.61:36587 ESTABLISHED 768 TCP 10.100.20.25:139 0.0.0.0:0 LISTENING 4 TCP 10.100.20.25:445 10.0.0.61:37534 ESTABLISHED 4 TCP 10.100.20.25:1051 192.168.1.4:445 ESTABLISHED 4 TCP 10.100.20.25:1086 10.0.0.61:35195 ESTABLISHED 836 TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 456 UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 544 UDP 0.0.0.0:4500 *:* 544 UDP 10.100.20.25:123 *:* 836

Netstat Connections - 192.168.1.4

Tenable Network Security 8 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

UDP 10.100.20.25:137 *:* 4 UDP 10.100.20.25:138 *:* 4 UDP 10.100.20.25:1900 *:* 964 UDP 127.0.0.1:123 *:* 836 UDP 127.0.0.1:1040 *:* 836 UDP 127.0.0.1:1900 *:* 964

Netstat Connections - 192.168.1.4

Tenable Network Security 9 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.20.27

NetBIOS Name: ITSDEPT\DT0031 Crit.: 7 High: 127 Med.: 38 Low: 2 MAC Address: 52:54:00:1a:1e:5a DNS Name: dt0031.itsdept.com Last Scan: Apr 29, 2012 @ 1:39PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output :

Active Connections

Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 760 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1085 0.0.0.0:0 LISTENING 828 TCP 0.0.0.0:1241 0.0.0.0:0 LISTENING 1360 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 956 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 712 TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 1372 TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1372 TCP 0.0.0.0:8834 0.0.0.0:0 LISTENING 1360 TCP 10.100.20.27:135 10.0.0.61:37743 ESTABLISHED 760 TCP 10.100.20.27:139 0.0.0.0:0 LISTENING 4 TCP 10.100.20.27:445 10.0.0.61:35125 ESTABLISHED 4 TCP 10.100.20.27:1066 192.168.1.4:445 ESTABLISHED 4 TCP 10.100.20.27:1085 10.0.0.61:54161 ESTABLISHED 828 TCP 10.100.20.27:2869 10.0.0.1:1250 CLOSE_WAIT 956 TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 1756 UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 544 UDP 0.0.0.0:1065 *:* 912

Netstat Connections - 192.168.1.4

Tenable Network Security 10 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

UDP 0.0.0.0:4500 *:* 544 UDP 10.100.20.27:123 *:* 828 UDP 10.100.20.27:137 *:* 4 UDP 10.100.20.27:138 *:* 4 UDP 10.100.20.27:1900 *:* 956 UDP 127.0.0.1:123 *:* 828 UDP 127.0.0.1:1900 *:* 956

Netstat Connections - 192.168.1.4

Tenable Network Security 11 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.20.28

NetBIOS Name: ITSDEPT\DT0032 Crit.: 6 High: 124 Med.: 38 Low: 2 MAC Address: 52:54:00:2a:3e:10 DNS Name: dt0032.itsdept.com Last Scan: Apr 29, 2012 @ 1:39PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output :

Active Connections

Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 764 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1073 0.0.0.0:0 LISTENING 832 TCP 0.0.0.0:1241 0.0.0.0:0 LISTENING 1388 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 960 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 720 TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 1396 TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1396 TCP 0.0.0.0:8834 0.0.0.0:0 LISTENING 1388 TCP 10.100.20.28:135 10.0.0.61:57491 ESTABLISHED 764 TCP 10.100.20.28:139 0.0.0.0:0 LISTENING 4 TCP 10.100.20.28:445 10.0.0.61:33651 ESTABLISHED 4 TCP 10.100.20.28:1068 192.168.1.4:445 ESTABLISHED 4 TCP 10.100.20.28:1070 192.168.1.4:139 TIME_WAIT 0 TCP 10.100.20.28:1071 192.168.1.4:139 TIME_WAIT 0 TCP 10.100.20.28:1072 192.168.1.4:139 TIME_WAIT 0 TCP 10.100.20.28:1073 10.0.0.61:56831 ESTABLISHED 832 TCP 10.100.20.28:2869 10.0.0.1:1848 CLOSE_WAIT 960 TCP 10.100.20.28:2869 10.0.0.1:1849 CLOSE_WAIT 4

Netstat Connections - 192.168.1.4

Tenable Network Security 12 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

TCP 10.100.20.28:2869 10.0.0.1:1850 CLOSE_WAIT 4 TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 2008 UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 544 UDP 0.0.0.0:1067 *:* 916 UDP 0.0.0.0:4500 *:* 544 UDP 10.100.20.28:123 *:* 832 UDP 10.100.20.28:137 *:* 4 UDP 10.100.20.28:138 *:* 4 UDP 10.100.20.28:1900 *:* 960 UDP 127.0.0.1:123 *:* 832 UDP 127.0.0.1:1900 *:* 960

Netstat Connections - 192.168.1.4

Tenable Network Security 13 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.20.40

NetBIOS Name: ITSDEPT\DT0035 Crit.: 6 High: 121 Med.: 38 Low: 2 MAC Address: 52:54:00:10:12:1b DNS Name: dt0035.itsdept.com Last Scan: Apr 29, 2012 @ 1:39PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output :

Active Connections

Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 768 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1054 0.0.0.0:0 LISTENING 836 TCP 0.0.0.0:1241 0.0.0.0:0 LISTENING 1468 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 964 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 724 TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 1508 TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1508 TCP 0.0.0.0:8834 0.0.0.0:0 LISTENING 1468 TCP 10.100.20.40:135 10.0.0.61:56242 ESTABLISHED 768 TCP 10.100.20.40:139 0.0.0.0:0 LISTENING 4 TCP 10.100.20.40:445 10.0.0.61:42040 ESTABLISHED 4 TCP 10.100.20.40:1050 192.168.1.4:445 ESTABLISHED 4 TCP 10.100.20.40:1051 192.168.1.4:139 TIME_WAIT 0 TCP 10.100.20.40:1052 192.168.1.4:139 TIME_WAIT 0 TCP 10.100.20.40:1053 192.168.1.4:139 TIME_WAIT 0 TCP 10.100.20.40:1054 10.0.0.61:41573 ESTABLISHED 836 TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING 884 UDP 0.0.0.0:445 *:* 4

Netstat Connections - 192.168.1.4

Tenable Network Security 14 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

UDP 0.0.0.0:500 *:* 544 UDP 0.0.0.0:4500 *:* 544 UDP 10.100.20.40:123 *:* 836 UDP 10.100.20.40:137 *:* 4 UDP 10.100.20.40:138 *:* 4 UDP 10.100.20.40:1900 *:* 964 UDP 127.0.0.1:123 *:* 836 UDP 127.0.0.1:1039 *:* 836 UDP 127.0.0.1:1900 *:* 964

Netstat Connections - 192.168.1.4

Tenable Network Security 15 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.30.23

Crit.: 12 High: 47 Med.: 26 Low: 2 MAC Address: 08:00:27:9a:4g:1e DNS Name: svr0100.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output : Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 44 10.100.30.23:22 10.0.0.61:45287 ESTABLISHED tcp 0 0 10.100.30.23:37771 192.168.1.4:445 ESTABLISHED tcp 0 0 10.100.30.23:57265 192.168.1.4:139 ESTABLISHED tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 ::1:631 :::* LISTEN udp 0 0 0.0.0.0:57291 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 0.0.0.0:5353 0.0.0.0:* udp6 0 0 :::45835 :::* udp6 0 0 :::5353 :::*

Netstat Connections - 192.168.1.4

Tenable Network Security 16 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

10.100.30.34

Crit.: 11 High: 40 Med.: 44 Low: 3 MAC Address: 08:00:27:13:10:10 DNS Name: srv0120.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM

Host Netstat Details

Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command.

Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Solution: n/a

Risk Factor: None

CVSS Base Score:

CVSS Vector:

Plugin Output: Netstat output : Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:42969 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 10.0.0.55:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN tcp 0 0 10.100.30.34:22 10.0.0.61:45466 ESTABLISHED tcp 1 0 10.0.0.55:45257 69.31.106.74:80 CLOSE_WAIT tcp 8 0 10.0.0.55:55730 192.168.1.4:139 ESTABLISHED tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 :::443 :::* LISTEN tcp 0 0 :::35934 :::* LISTEN tcp 0 0 :::111 :::* LISTEN udp 0 0 0.0.0.0:869 0.0.0.0:* udp 0 0 0.0.0.0:5353 0.0.0.0:* udp 0 0 0.0.0.0:623 0.0.0.0:* udp 0 0 0.0.0.0:111 0.0.0.0:* udp 0 0 0.0.0.0:631 0.0.0.0:* udp 0 0 10.100.30.34:123 0.0.0.0:*

Netstat Connections - 192.168.1.4

Tenable Network Security 17 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

udp 0 0 10.0.0.55:123 0.0.0.0:* udp 0 0 127.0.0.1:123 0.0.0.0:* udp 0 0 0.0.0.0:123 0.0.0.0:* udp 0 0 0.0.0.0:60440 0.0.0.0:* udp 0 0 0.0.0.0:51376 0.0.0.0:* udp 0 0 10.0.0.55:53 0.0.0.0:* udp 0 0 127.0.0.1:53 0.0.0.0:* udp 0 0 :::869 :::* udp 0 0 :::111 :::* udp 0 0 fe80::a00:27ff:fe13:123 :::* udp 0 0 fe80::a00:27ff:fee0:123 :::* udp 0 0 ::1:123 :::* udp 0 0 :::123 :::* udp 0 0 :::33151 :::*

Netstat Connections - 192.168.1.4

Tenable Network Security 18