Security Incidents mailing list archives
RE: New Version of Retina Nimba Scanner
From: "Marc Maiffret" <marc () eeye com>
Date: Tue, 25 Sep 2001 07:43:27 -0700
just as a heads up guys... I just got back from Japan and have been going through the retina nimda scanner with the guys here and we're cleaning it up to make it MUCH more accurate (i.e. less false positives) and we should have a new version out today. the documentation will more clearly explain the results which was where some got confused. sorry for the inconvenience.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: ck () localhost arch bellsouth net
| [mailto:ck () localhost arch bellsouth net]On Behalf Of Christian Kuhtz
| Sent: Sunday, September 23, 2001 5:13 PM
| To: Andrew Calo
| Cc: info; incidents () securityfocus com; security-basics () securityfocus com
| Subject: Re: New Version of Retina Nimba Scanner
|
| This is no different than eEye's CodeRed scanner which didn't give you a
| trustworthy indication whether CodeRedII was actually present. It would
| recognize the cmd.exe backdoor and whine about CR2 being present, which wasn't
| necessarily true at all (various other exploits created the same backdoors).
|
| Given the difficulty in detecting an infection with high confidence, more
| accurate reporting would go a long ways to improving the credibility of these
| scan tools.
|
| Andrew Calo wrote:
| >
| > This scanner reports many boxes that aren't infected as infected. Terribly
| > deceiving.
| >
| > At 05:31 PM 9/20/2001 -0700, info wrote:
| > >A new version of Nimda Scanner has just been posted to the eEye web site
| > >that will also detect open shares on systems which is a common trait of an
| > >infection.
| > >
| > >http://www.eeye.com/html/Research/Tools/nimda.html
| > >
| > >Signed,
| > >eEye Digital Security
| > >T.949.349.9062
| > >F.949.349.9538
|

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com