Nmap Development mailing list archives
Re: Nmap 4.85BETA5: Now with Conficker detection!
From: Fyodor <fyodor () insecure org>
Date: Mon, 30 Mar 2009 23:48:50 -0700
On Mon, Mar 30, 2009 at 01:03:19PM -0700, Fyodor wrote:
Hi All! We found out just yesterday about new research by Tillmann Werner and Felix Leder of a way to anonymously scan for Conficker worm infections! Ron sprang into action and added the detection to the smb-check-vulns NSE script! I even had to infect one of my own systems for Ron to test with. David and Brandon helped too.
And the script is already winning praise :). I just found an article at Darkreading.com which includes: I can't vouch for all of the tools listed in the list Dan included on his blog, but I did spend quite a bit of time testing Nmap, Simple Conficker Scanner (Honeynet Project) and Tenable Nessus this morning, and they pretty much all had the same results. The only real difference is price; the first two tools are free, while Nessus is only free for home users and corporate users pay a pretty reasonable $1,200/year. Of the three tools I've used, Nmap has been the top performer in regards to speed followed by Nessus and the Simple Conficker Scanner (SCS). The SCS tool is Python-based, which Dan Kaminsky has ported to Windows with py2exe so admins aren't required to install Python to use. The SCS tool wasn't very fast, although I did found that by performing an Nmap of the network first to find hosts listening on port 445/tcp and feeding that list to SCS, the scan time for SCS is greatly reduced. However, at that point, you might as well use Nmap. [Full article: http://www.darkreading.com/blog/archives/2009/03/conficker_detec.html] I've posted an announcement of the new version and a link to more news articles up at http://insecure.org. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- RE: Nmap 4.85BETA5: Now with Conficker detection! Craig Humphrey (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- RE: Nmap 4.85BETA5: Now with Conficker detection! Craig Humphrey (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! Fyodor (Mar 30)
- Re: Nmap 4.85BETA5: Now with Conficker detection! LevelZero (Mar 31)
- Re: Nmap 4.85BETA5: Now with Conficker detection! David Fifield (Mar 31)
- RE: Nmap 4.85BETA5: Now with Conficker detection! Craig Humphrey (Mar 30)