PaulDotCom mailing list archives

Scanning for Conficker via nmap


From: paul at pauldotcom.com (Paul Asadoorian)
Date: Mon, 30 Mar 2009 12:55:50 -0400

John Sawyer wrote:
The $1200 a year difference is probably quite significant for some people.

The Nessus home feed is free for home users.  So, depends on your budget
and type/size of your organization.

Since most of these checks are a result of the Conficker Working Group,
I would suspect they're mostly all the same minus some minor adjustments
for the idiosyncrasies of each tool.

Agreed.

Paul



-jhs

On Mar 30, 2009, at 12:29 PM, Paul Asadoorian wrote:

Not certain, but you could compare the NASL and the NSE to see.  Nessus
may just be easier for some if you don't have the SVN version of Nmap
already installed in your environment.

Cheers,
Paul

Albert R. Campa wrote:
Interesting, so not having looked at this yet, what's the difference
between that and scanning with Nessus?


__________________________________
Albert R. Campa


2009/3/30 John Sawyer <jsawyer at ufl.edu>

   The Conficker check is in the latest SVN version of Nmap. It's in
   the smb-check-vulns.nse which now checks for Conficker, MS08-067 and
   a regsvc DoS.

   nmap --script smb-check-vulns.nse -p445

   For safety's sake, you might want to also run it with
   --script-args=unsafe=1 to prevent possible crashes from the regsvc
   check. That should not turn off the Conficker check.

   -jhs

   On Mar 30, 2009, at 11:10 AM, Chris Merkel wrote:

   According to this:
   http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/

   A script should be released today to scan for Conficker-infected
   machines over the wire.

   I looked at the NSE portal and haven't seen anything yet - would it
   show up there, or is there a development site or repository where
   this will first appear?

   I'd like to get a scan in before April 1st, when variant C drops.

   --
   - Chris Merkel
   _______________________________________________
   Pauldotcom mailing list
   Pauldotcom at mail.pauldotcom.com
   http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
   Main Web Site: http://pauldotcom.com




-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552