Educause Security Discussion mailing list archives

Re: Conflicker/NMAP


From: Jason Frisvold <frisvolj () LAFAYETTE EDU>
Date: Tue, 31 Mar 2009 10:40:23 -0400

On Mar 31, 2009, at 10:21 AM, Consolvo, Corbett D wrote:
> I realize many folks may not want to answer this, but has anyone had many positives/infections with the released nmap scan for Conficker? So far we seem to be coming up clean and many other folks I’ve talked to or emailed with have come up clean as well. I’m just concerned about the possibility of false negatives. Of course, the problem may not be particularly widespread except in the eyes of some media outlets.

We ran both the nmap and python scanners here and came up empty as well. Unfortunately, I don't have access to a known-infected machine to verify either detection method.

> We're also ramping up our IDS to monitor for suspicious activity, should there be any. I would be interested in any other methods others are using to detect/prevent Conficker, and others.
>
> Thanks,
> Corbett Consolvo
> Texas State University

---------------------------
Jason Frisvold
Network Engineer
frisvolj () lafayette edu
---------------------------
"What I cannot create, I do not understand"
   - Richard Feynman
