Nmap Development mailing list archives
Re: [NSE] MS08-067 check
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 12 Nov 2008 19:27:57 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 09 Nov 2008 13:12:53 -0600 Ron <ron () skullsecurity net> wrote:
Nevermind, I got it! I even got both my test boxes to crash at the same time (rolls eyes): -- Host script results: |_ ./scripts/smb-checkvulns.nse: This host is likely vulnerable to ms08-067 (it stopped responding during the test) Final times for host: srtt: 16691 rttvar: 16812 to: 100000 -- Ron
I've chatted in private with Ron about this script but I wanted to broadcast my praise of it to a larger audience :) We've been using this script for several days now with quite a bit of success. It does have the bad habit of crashing a lot of our vulnerable hosts but it also /seems/ more comprehensive/complete than a commercial vulnerability scanner we have that doesn't crash many hosts. My only recommendation for this script (really, the SMB library) is to change the SMB mutex from a global one to a per-IP one. When scanning thousands of SMB endpoints serial checking is rather slow. The only potential trouble a per-IP mutex would cause is if a dual-homed Windows machine has the unfortunate luck of being scanned simultaneously on multiple IPs. Great work Ron, thanks a bunch for these libraries and this script! Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkbLkMACgkQqaGPzAsl94L1YACfRuDs1OakbFZkM6uXF/0+RCGj s8gAoIRN1I7iS8pZhllxw+tqEBXuRabt =r2l2 -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] MS08-067 check Ron (Nov 05)
- Re: [NSE] MS08-067 check jah (Nov 05)
- Re: [NSE] MS08-067 check Brandon Enright (Nov 05)
- Re: [NSE] MS08-067 check Ron (Nov 09)
- Re: [NSE] MS08-067 check Ron (Nov 09)
- Re: [NSE] MS08-067 check Brandon Enright (Nov 12)
- Re: [NSE] MS08-067 check Ron (Nov 12)
- Re: [NSE] MS08-067 check Ron (Nov 12)
- Re: [NSE] MS08-067 check Brandon Enright (Nov 12)
- Re: [NSE] MS08-067 check jah (Nov 05)
- Re: [NSE] MS08-067 check Ron (Nov 07)