Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: article about Conficker says nmap can be used to discover it

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 30 Mar 2009 17:41:59 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 30 Mar 2009 12:23:53 -0500 or thereabouts "DePriest, Jason R."
<jrdepriest () gmail com> wrote:


The Register has a story here:
http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/
that claims nmap has "signatures" coming soon to sniff out Conficker
infected systems.

I can't find anything in the nmap mailing list archives to validate
this.

Who's been working on it?  Is it going to be an NSE script?

Thanks.

-Jason



Ron, Fyodor, and Tillmann Werner worked on it on Sunday and this
morning and Ron committed r12737 and r12738 which added detection.

Ron put together a really great blog post about it:

http://www.skullsecurity.org/blog/?p=209

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAknRBGgACgkQqaGPzAsl94LcNgCdHBRwpyxL9AOxr6aBn6CodfRH
uQAAnRCGWBhFky+ttide2E4N0cxZawNN
=jfTL
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: