Network Query Tool Detection
Medium Nessus Network Monitor Plugin ID 2743
SynopsisThe remote host may give an attacker information useful for future attacks.
DescriptionThe remote host is running the Network Query Tool CGI script. This script allows anonymous, remote users to perform port scans, whois, DNS queries, ping, traceroute, and more via a web interface. An attacker coming upon this application would be able to use the script to perform discovery scanning against any range of addresses. This would include, but not be limited to, internal IP ranges.
SolutionEnsure that this application is valid with respect to corporate policies and guidelines. If the application is required, consider using Access Control Lists (ACLs) or other security measures to block unauthorized usage.