Full Disclosure mailing list archives

RE: RPC scanners


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 12 Sep 2003 15:12:37 -0500

Thanks for the helpful tip.
 
 

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

        -----Original Message-----
        From: deji [mailto:deji () akomolafe com] 
        Sent: Friday, September 12, 2003 12:08 PM
        To: full-disclosure () lists netsys com
        Subject: RE: [Full-disclosure] RPC scanners
        
        
        Paul, the MS Scanner actually gives you a report of what's missing. Use the /l:Logfilename option and it will produce a nice little log file with the following entries:
         
        Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86
        Copyright (c) Microsoft Corporation 2003. All rights reserved.
        192.168.11.250: patched with KB824146 and KB823980
        192.168.11.246: patched with KB824146 and KB823980
        192.168.11.247: patched with KB824146 and KB823980
        <snip>
         
        This is in addition to the /o option that only lists the IP addresses of suspect systems.
         
        
        Sincerely,
        
        Dèjì Akómöláfé, MCSE MCSA MCP+I
        www.akomolafe.com
        www.iyaburo.com
        Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

  _____  

        From: Schmehl, Paul L
        Sent: Fri 9/12/2003 7:18 AM
        To: full-disclosure () lists netsys com
        Subject: [Full-disclosure] RPC scanners
        
        
        My $0.02.
        
        The MS scanner covers a /16 in about two hours.  It *will* report Win9x
        machines as vulnerable, but that's a price I'm willing to pay.
        Unfortunately it gives you an IP list with no indication of what is
        wrong with the box.  (Is it missing both 026 & 039?  Just 039?)  But it
        allows you to script things that can help automate remediation
        processes.
        
        The eEye scanner works very well, but it limits you to a /24, which is a
        bit of a pain.  We use it for monitoring the worst offenders (VLANS, not
        people.)
        
        The Foundstone scanner?  Well, I started scanning the /16 last night
        around 6PM.  It's at 62582 addresses right now, so I suppose it will
        finish some time today.  Not good.  I was surprised, because their SQL
        scanner is very fast.  It covers a /16 in about an hour.  Don't know
        what the problem is, but something is definitely wrong.
        
        I haven't tried any other scanners.  I'll stick with the MS and eEye
        scanners.
        
        Paul Schmehl (pauls () utdallas edu)
        Adjunct Information Security Officer
        The University of Texas at Dallas
        AVIEN Founding Member
        http://www.utdallas.edu/~pauls/ 
        
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.netsys.com/full-disclosure-charter.html
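
An added example, not part of the original thread or of the Microsoft tool: a Python sketch that reads a log in the `IP: status` format quoted above and groups hosts by which of the two KBs their status line does not name. The function names, the last two sample lines and the rule that any status not starting with "patched with" needs follow-up for both patches are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The two patches named in the log lines quoted in the thread.
REQUIRED_KBS = {"KB824146", "KB823980"}

# Constructed sample: banner and first two host lines follow the quoted log;
# the last two host lines are made up to exercise the other branches.
SAMPLE_LOG = """\
Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
192.168.11.250: patched with KB824146 and KB823980
192.168.11.246: patched with KB824146 and KB823980
192.168.11.247: patched with KB823980
192.168.11.248: PLACEHOLDER STATUS TEXT
"""

LINE_RE = re.compile(r"^\s*(\S+):\s+(.*\S)\s*$")
KB_RE = re.compile(r"\bKB\d{6}\b")


def parse_scan_log(text):
    """Return {ip: status} for each 'IP: status' line; banner lines are skipped."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an address, so not a host line
        results[str(ip)] = m.group(2)
    return results


def needs_followup(results, required=REQUIRED_KBS):
    """Group hosts by the required KBs their status line does not confirm."""
    todo = defaultdict(list)
    for ip, status in results.items():
        # Assumption: only a "patched with ..." status confirms any KB.
        found = set(KB_RE.findall(status)) if status.startswith("patched with") else set()
        missing = required - found
        if missing:
            todo[tuple(sorted(missing))].append(ip)
    return {k: sorted(v, key=ipaddress.ip_address) for k, v in todo.items()}
```
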

