Nmap Development mailing list archives
Re: Question - script: p2p-conficker
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 22 Jan 2014 06:53:31 -0600
On Mon, Jan 20, 2014 at 5:50 PM, <Joe.Lemak () omya com> wrote:
This a comment in a script description: "This check won't work properly on a multihomed or NATed system because the open ports will be based on a nonpublic IP" Does the above script comment is saying that it will not work on my internal network using private IPs?
Joe, Conficker uses an algorithm to choose ports to open that depends on the IP address of the host that is infected. If the host only has one IP address, even if it is a private address, the script will work, since it starts with the same information that Conficker does. If, on the other hand, the infected host has multiple IP addresses, or is being accessed via an IP other than its internal IP (i.e. through port forwarding on a NAT device), the script will be calculating open ports based on an IP that is different than the one Conficker is using. Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Question - script: p2p-conficker Joe . Lemak (Jan 22)
- Re: Question - script: p2p-conficker Daniel Miller (Jan 22)
- Re: Question - script: p2p-conficker Ron (Jan 22)
- Re: Question - script: p2p-conficker Daniel Miller (Jan 22)