Ok the full skinny,
Two xp home box's one fully patched one owned by teanage daughter status unknown. Behind netgear router nat enabled and acting as dhcp. Port forwarding from 7224 to 7226 for Bittorrent, running at time of scan.



No Risk Security Audit Synopsis

Report ID:
1100083285
Review Status:
Pending
Audit Queued:
Apr 17, 2004 12:04 GMT
Audit Started:
Apr 17, 2004 12:05 GMT
Audit Completed:
Apr 17, 2004 13:41 GMT
Host address(es):
xxxxxxxxxxxxxxxxx
Report Contents

1. Risk Classification Summary
2. Baseline Comparison Control
3. Vulnerability Category Summary
4. Vulnerability Title Summary
5. Vulnerability Details
6. Open Ports
7. Complete Report Order Form
Appendix A: Risk Definitions

1. Risk Classification Summary

Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 1 different issues we found are spread across the different risk classes. For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions

2. Baseline Comparison Control

Baselining allows you to compare the results of an audit to the results received in a previous audit. This provides for an easy way to see what is changing from one audit to the next. This section documents which audit was used as a baseline, allows you to select a different audit to use as a baseline, and allows you to mark the current audit as something that should be used when running future baseline comparisons.
Note that you have a fair bit of control over the types of baseline comparison information displayed in your report by using our Report Style Editor. The default is to display ALL test results in your current report, along with notes as to which results are different from the previous report.

According to your current report style, baseline comparisons are:
Enabled
Comparisons have been done against the report:
Report ID:
Most recent audit in your account.
Make this audit a preferred baseline for use in comparing to other audits:

3. Vulnerability Category Summary

The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.


Category
High__
Med__
Low__
Other__
CGI abuses




Windows




Denial of Service




Gain root remotely




General




Misc.


1__

FTP




Gain a shell remotely




Remote file access




SMTP problems




Backdoors




CISCO




RPC




Default Unix Accounts




Firewalls




Windows : User management




Useless services




Peer-To-Peer File Sharing




SNMP




Finger abuses




Settings




Netware




Port scanners




NIS




Totals:
0__
0__
1__
0__
This report is a synopsis of a security audit done on your system. You had 0 High Risk and 0 Medium Risk vulnerabilities that were not disclosed in the above report. To view the details of these vulnerabilities and solutions to fix them, please subscribe to one of the services below.

Low Risk Vulnerabilities
_10287__Misc. : Traceroute
5. Vulnerability Details

10287_Misc.: Traceroute
Description
general/udp
For your information, here is the traceroute to xxxxxxxxxxx
69.28.227.212
69.28.226.193
216.187.68.5
216.187.68.69
216.187.68.229
216.187.68.58
65.207.236.177
152.63.71.210
152.63.70.106
152.63.64.57
204.255.174.238
144.232.20.90
144.232.26.109
144.232.9.157
144.232.13.181
144.232.13.16
160.81.43.102
213.200.81.117
213.200.77.130
212.74.106.97
?


Makes a traceroute to the remote host.

Risk factor : Low
Additional Information:
Traceroute is only a problem if the route shown above is revealing sensitive IP addresses internal to your network. If the addresses shown are all upstream to you, then you have no risk associated with this test. If, on the other hand, we are showing private addresses on the traceroute, you should consider filtering ICMP Destination Unreachable (Code 3) and ICMP Time Exceeded (Code 11) messages.
This implementation of traceroute works by sending UDP packets with a source port of 1025 and a destination port of 32768 with increasing TTL values.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

Edit Disposition
Corrected False Positive Non-Impacting Other
6. Open Ports on xxxxxxx



Number of open ports found by port scan:0
_
While having 0 ports open is very good, you should be aware that this does not guarantee you are secure. You need to consider the following items:
The port scan did not include UDP ports
Vulnerabilities such as trojans that "phone home" cannot be detected by a port scan
You may not be protected from email viruses
_
Appendix A: Risk Definitions

Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.

Low Risk Vulnerabilities
We view these vulnerabilities as problems typically only if the information they provide or access granted can be used in conjunction with a one or more other vulnerabilities to compromise your system or network. These vulnerabilities are usually not problems in their own right, but could potentially lead to problems in conjunction with other services.


Jinxy