Educause Security Discussion mailing list archives
Re: use Nmap to find W32/Bagle.e@MM ?
From: Michael_Maloney <Michael_Maloney () MIDDLESEXCC EDU>
Date: Thu, 4 Mar 2004 08:51:17 -0500
Just curious,

Has anyone else seen false positives looking for Bagle on this port? So far I've found a few systems that were shown to have this port open, but all scans and manual searches came up clean.

Mike

********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: Michael_Maloney () middlesexcc edu
********************************************

-----Original Message-----
From: Scott Weeks [mailto:sweeks () SANDIEGO EDU]
Sent: Wednesday, March 03, 2004 12:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] use Nmap to find W32/Bagle.e@MM ?

Hello Everyone,

Is this a sufficient method to find the W32/Bagle.e@MM infected machines?

[root@localhost root]# nmap -P0 -p 2745 111.222.111.0/24

I see too many of these to believe as many machines as I've found are all infected. At least I HOPE so...

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (111.222.111.222):
Port       State       Service
2745/tcp   filtered    unknown

They all say "filtered" on this port. That's what's throwing me off... The ones I believe may not be infected show this:

The 1 scanned port on machine.university.edu (111.222.111.221) is: closed

Thanks!
scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
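An added example, not part of any list member's post: a triage of the three port states that come up in this thread. "closed" means the host answered and nothing is listening, "filtered" means Nmap got no usable answer and cannot tell either way, and only "open" shows a listener (which still needs to be checked on the host itself). It assumes the scan was re-run with Nmap's grepable output (-oG); the sample lines are constructed, and the "open" host 111.222.111.220 is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Nmap grepable (-oG) format. The closed and filtered
# hosts mirror the thread; the open host is a hypothetical addition.
SAMPLE_OG = """\
# Nmap (constructed sample) scan as: nmap -P0 -p 2745 -oG - 111.222.111.0/24
Host: 111.222.111.220 ()\tPorts: 2745/open/tcp//unknown///
Host: 111.222.111.221 (machine.university.edu)\tPorts: 2745/closed/tcp//unknown///
Host: 111.222.111.222 ()\tPorts: 2745/filtered/tcp//unknown///
"""

# "Host: <addr> (<name>)<TAB>Ports: <port>/<state>/<proto>/..., ..."
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*)$")


def triage(og_text, port=2745, proto="tcp"):
    """Group host addresses by the state Nmap reported for one port."""
    by_state = defaultdict(list)
    for line in og_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        addr, _name, ports = m.groups()
        ports = ports.split("\t")[0]  # drop trailing fields after the port list
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[0] == str(port) and fields[2] == proto:
                by_state[fields[1]].append(addr)
    return dict(by_state)


def follow_up(by_state):
    """Hosts worth a hands-on check: only 'open' shows that something is
    listening. 'filtered' hosts need a rescan from inside the filter, not an
    infection ticket; 'closed' hosts have no listener on the port."""
    return sorted(by_state.get("open", []))


if __name__ == "__main__":
    states = triage(SAMPLE_OG)
    for state, hosts in sorted(states.items()):
        print(f"{state:9s} {len(hosts):3d}  {', '.join(hosts)}")
    print("check on-host:", follow_up(states))
```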