Nmap Development mailing list archives
smb-check-vulns.nse reports error on hosts possibly infected with Conficker
From: Kit Peters <cpeters () ucmo edu>
Date: Wed, 17 Oct 2012 11:39:19 -0500
Environment: nmap / zenmap 6.01 on windows 7 64-bit. Run against a heterogeneous network (TV / radio station) of servers, workstations, printers, and other embedded systems. Expected behavior: Systems likely to be infected with Conficker are reported as such Actual behavior: Possibly infected systems (in a previous run on the same system with nmap 5.50 they were reported as likely to be infected) generate the error: "Conficker: UNKNOWN; got error NT_STATUS_WERR_INVALID_PARAMETER (srvsvc.netpathcanonicalize)" Discussion: When I ran a scan on the network with nmap 5.50 many of the systems that generated the NT_STATUS_WERR_INVALID_PARAMETER error were reported as likely to be infected with Conficker.C or lower. One system in particular (192.168.87.201) I am fairly certain is infected. However, when I updated to (ze)nmap 6.01, all of these systems instead gave me the above error. Complete nmap output attached. -- - Kit Peters (W0KEH), Engineer II KMOS TV Channel 6 / KTBG 90.9 FM University of Central Missouri http://kmos.org/ | http://ktbg.fm/
Attachment:
nmap smb-check-vulns scan 192.168.87.0-254.txt
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- smb-check-vulns.nse reports error on hosts possibly infected with Conficker Kit Peters (Oct 17)
- Re: smb-check-vulns.nse reports error on hosts possibly infected with Conficker David Fifield (Oct 17)