Educause Security Discussion mailing list archives

Re: use Nmap to find W32/Bagle.e@MM ?

From: Scott Weeks <sweeks () SANDIEGO EDU>
Date: Wed, 3 Mar 2004 10:49:23 -0800

On Wed, 3 Mar 2004, Brian Eckman wrote:

:  Scott Weeks wrote:
:  > Hello Everyone,
:  >
:  > Is this a suffucient method to find the W32/Bagle.e@MM infected machines?
:  >
:  >    [root@localhost root]# nmap -P0 -p 2745 111.222.111.0/24
:
:  I'd do -PI. If the host doesn't ping, it probably won't have 2745/tcp
:  open. But you will very possibly miss a host or two this way. It's a
:  matter of personal preference.


Sorry, I shouldn't have put the -P0 there for the email as I have an ICMP
blocker between myself and the machines I'm monitoring and it made my
question less clear...

Thanks!
scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

use Nmap to find W32/Bagle.e@MM ? Scott Weeks (Mar 03)
- <Possible follow-ups>
- Re: use Nmap to find W32/Bagle.e@MM ? Matthew Dalton (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Brian Eckman (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Scott Weeks (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Pete Hoffswell (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Scott Weeks (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Jeff Kell (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Herrera Reyna Omar (Mar 03)
- Re: use Nmap to find W32/Bagle.e@MM ? Michael_Maloney (Mar 04)
- Re: use Nmap to find W32/Bagle.e@MM ? Gary Flynn (Mar 04)
- Re: use Nmap to find W32/Bagle.e@MM ? Gary Flynn (Mar 04)
- Re: use Nmap to find W32/Bagle.e@MM ? Matthew Dalton (Mar 04)
- Re: use Nmap to find W32/Bagle.e@MM ? Michael_Maloney (Mar 04)