Educause Security Discussion mailing list archives
Re: Conflicker/NMAP
From: David Boyer <David () BVU EDU>
Date: Tue, 31 Mar 2009 09:33:23 -0500
We've had zero positives with NMAP so far. However, all of our clients are part of our WSUS distribution and would been patched on October. Also, we run Windows Firewall which would have blocked the infection even on unpatched systems. Most of the antivirus vendors and perimeter security devices seem to have released signatures to block the infection several months ago. MRT added definitions for Conficker in January, which we also push out with WSUS. In other words, in places where the systems have been kept reasonably up to date and where the proper ports haven't been wide-open at the perimeter, it seems typical that you won't see a lot of infections, or perhaps any. If you have centralized antivirus with decent reporting, you ought to be able to correlate your NMAP findings with discoveries of Conficker. Our AV software also lets us know which clients are receiving updates, etc., so we can also confirm that our AV software is working properly.
"Consolvo, Corbett D" <cc72 () TXSTATE EDU> 9:21 AM 3/31/2009 >>>
I realize many folks may not want to answer this, but has anyone had many positives/infections with the released nmap scan for Conflicker? So far we seem to be coming up clean and many other folks I’ve talked to or emailed with have come up clean as well. I’m just concerned about the possibility of false negatives. Of course, the problem may not be particularly wide-spread except in the eyes of some media outlets. Thanks, Corbett Consolvo Texas State University
Current thread:
- Conflicker/NMAP Consolvo, Corbett D (Mar 31)
- <Possible follow-ups>
- Re: Conflicker/NMAP Stanclift, Michael (Mar 31)
- Re: Conflicker/NMAP Harris, Michael C. (Mar 31)
- Re: Conflicker/NMAP Greg T. Grimes (Mar 31)
- Re: Conflicker/NMAP Jason S. Cash (Mar 31)
- Re: Conflicker/NMAP David Boyer (Mar 31)
- Re: Conflicker/NMAP Ken Connelly (Mar 31)
- Re: Conflicker/NMAP Jason Testart (Mar 31)
- Re: Conflicker/NMAP Jason Frisvold (Mar 31)
- Re: Conflicker/NMAP Mike Austin (Mar 31)
- Re: Conflicker/NMAP King, Ronald A. (Mar 31)
- Re: Conflicker/NMAP John Sawyer (Mar 31)
- Re: Conflicker/NMAP Jerry Sell (Mar 31)
- Re: Conflicker/NMAP Pete Hickey (Mar 31)
- Re: Conflicker/NMAP James R. Pardonek (Mar 31)
- Re: Conflicker/NMAP Stanclift, Michael (Mar 31)
(Thread continues...)