Educause Security Discussion mailing list archives
use Nmap to find W32/Bagle.e@MM ?
From: Scott Weeks <sweeks () SANDIEGO EDU>
Date: Wed, 3 Mar 2004 09:05:22 -0800
Hello Everyone, Is this a suffucient method to find the W32/Bagle.e@MM infected machines? [root@localhost root]# nmap -P0 -p 2745 111.222.111.0/24 I see too many of these to believe as many machines as I've found are all infected. At least I HOPE so... Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on (111.222.111.222): Port State Service 2745/tcp filtered unknown They all say "filtered" on this port. That's what's throwing me off... The ones I believe may not be infected show this: The 1 scanned port on machine.university.edu (111.222.111.221) is: closed Thanks! scott ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- use Nmap to find W32/Bagle.e@MM ? Scott Weeks (Mar 03)
- <Possible follow-ups>
- Re: use Nmap to find W32/Bagle.e@MM ? Matthew Dalton (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Brian Eckman (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Scott Weeks (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Pete Hoffswell (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Scott Weeks (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Jeff Kell (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Herrera Reyna Omar (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Michael_Maloney (Mar 04)
- Re: use Nmap to find W32/Bagle.e@MM ? Gary Flynn (Mar 04)
- Re: use Nmap to find W32/Bagle.e@MM ? Gary Flynn (Mar 04)
(Thread continues...)