News Server (NNTP) Anonymous Read / Write Access

medium Nessus Plugin ID 17204

Language:

Synopsis

The NNTP server is open.

Description

The remote server seems open to remote users. Some people prefer open public NNTP servers to be able to read or post articles anonymously. Unwanted connections could waste your bandwidth or put you into legal trouble if a malicious person were to use your server to post abusive articles.

Keep in mind that robots are harvesting such open servers on Internet, so you cannot hope that you will stay hidden for long.

** As it is very common to have IP based authentication, this might be
** a false positive if the Nessus scanner is among the allowed source
** addresses.

Solution

Enforce authentication or filter connections from outside.

Plugin Details

Severity: Medium

ID: 17204

File Name: open_nntp_server.nasl

Version: Revision: 1.12

Type: remote

Family: General

Published: 2/23/2005

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Detections

Analytics