Educause Security Discussion mailing list archives

Re: Updated NetReg Scanners


From: Phil Rodrigues <Phil.Rodrigues () UCONN EDU>
Date: Mon, 15 Sep 2003 11:34:29 -0400

We have released a new version of rpcscan, version 0.3.  Last week's
release was fast in case something nasty came out soon, this release
attempts to be much more thorough.  It incorporates all of the changes
people sent in to us (thanks!!).

New Features:

- Class B scanning (Jordan Wiens at ufl.edu)
- Timeout option (-t) now takes milliseconds instead of seconds
- Default timeout increased from 0.5ms to 300ms
- Received timeout increased from 300ms to 3 seconds
- Usage docs improved
- Results output improved
- Error reporting improved
- Code can be switched between CLI and NetReg modes by setting #define CLIMODE

Instead of constantly bombarding you with news of new releases we have
made a webpage.  Check it out if you want to see if there is a new version
or to report a bug.

http://www.security.uconn.edu/netregscan/

Please submit any questions, comments, and changes to security () uconn edu.
This is a community effort, and your help and feedback are encouraged.

Phil

PS - The Class B scan is occasionally unstable.  If you are a programmer
and want to take a shot at fixing it let us know.

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues () uconn edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================





Phil Rodrigues <Phil.Rodrigues () UCONN EDU>
Sent by: The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
09/11/2003 03:15 PM
Please respond to The EDUCAUSE Security Discussion Group Listserv


        To:     SECURITY () LISTSERV EDUCAUSE EDU
        cc:
        Subject:        [SECURITY] Updated NetReg Scanners


Hi all,

Here are two new Linux command-line scanners that you can use to find hosts
that are vulnerable to both MS03-026 (old) and MS03-039 (new).  If you are
using NetReg Scanner in your network you should upgrade to this latest
version as soon as is reasonable.  These scanners should now work as well as
the recently updated Microsoft and EEye scanners.

rpcscan2.c - The new code you should use in your NetReg Scanner to properly
detect hosts that are vulnerable to MS03-039.  It returns results that only
make sense to NetReg Scan (1 or 0).  It should compile on most Linux
distros with the following command: gcc -o rpcscan2 rpcscan2.c

http://security.uconn.edu/netregscan/rpcscan2.c

rpcscan_range2.c - A command-line Linux scanner that accepts address ranges
instead of just a single address.  It is the fastest way we have found to
scan Class C size networks.  It returns more human-readable results than
rpcscan2.c.  It should compile on most Linux distros with the following
command: gcc -o rpcscan_range2 rpcscan_range2.c

http://security.uconn.edu/netregscan/rpcscan_range2.c

(We would love for someone to hack that to scan Class Bs.)

We have also updated the jumppage.cgi that is the heart of the NetReg
Scanner.  It references the updated scanner to return proper results.  It
is bundled with the rpcscan2.c into a single bzipped file.

http://security.uconn.edu/netregscan/jumppage.cgi.txt
http://security.uconn.edu/netregscan/netreg-mod2.tar.bz2

If you have questions or comments about these tools please direct them to
security () uconn edu.  We tried to get them out as fast as possible, but we
also tried to test them fairly thoroughly.

Thanks to Mike Lang and Keith Bessette of the University of Connecticut,
Josh Richard of the University of Minnesota-Duluth, and anyone else I may
have missed.

Phil

PS - Nessus plugin ID 11835 should detect the new vulnerability if you are
using that:

http://cgi.nessus.org/plugins/dump.php3?id=11835

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues () uconn edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
