Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RPC scanners

From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 12 Sep 2003 09:18:10 -0500
My $0.02.

The MS scanner covers a /16 in about two hours.  It *will* report Win9x
machines as vulnerable, but that's a price I'm willing to pay.
Unfortunately it gives you an IP list with no indication of what is
wrong with the box.  (Is it missing both 026 & 039?  Just 039?)  But it
allows you to script things that can help automate remediation
processes.

The eEye scanner works very well, but it limits you to a /24, which is a
bit of a pain.  We use it for monitoring the worst offenders (VLANS, not
people.)

The Foundstone scanner?  Well, I started scanning the /16 last night
around 6PM.  It's at 62582 addresses right now, so I suppose it will
finish some time today.  Not good.  I was surprised, because their SQL
scanner is very fast.  It covers a /16 in about an hour.  Don't know
what the problem is, but something is definitely wrong.

I haven't tried any other scanners.  I'll stick with the MS and eEye
scanners.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: