Educause Security Discussion mailing list archives
Updated NetReg Scanners
From: Phil Rodrigues <Phil.Rodrigues () UCONN EDU>
Date: Thu, 11 Sep 2003 15:15:07 -0400
Hi all, Here are two new Linux command-line scanners that you can use to find hosts that are vulnerable to both MS03-026 (old) and MS03-039 (new). If you are using NetReg Scanner in your network you should upgrade to this latest version as soon as is resonable. These scanners should now work as well as the recently updated Microsoft and EEye scanners. rpcscan2.c - The new code you should use in your NetReg Scanner to properly detect hosts that are vulnerable to MS03-039. It returns results that only make sense to NetReg Scan (1 or 0). It should compile on most Linux distros with the following command: gcc -o rpcscan2 rpcscan2.c http://security.uconn.edu/netregscan/rpcscan2.c rpcscan_range2.c - A command-line Linux scanner that accepts address ranges instead of just a single address. It is the fastest way we have found to scan Class C size networks. It returns more human-readable results than rpcscan2.c. It should compile on most Linux distros with the following command: gcc -o rpcscan_range2 rpcscan_range2.c http://security.uconn.edu/netregscan/rpcscan_range2.c (We would love for someone to hack that to scan Class Bs.) We have also updated the jumppage.cgi that is the heart of the NetReg Scanner. It references the updated scanner to return proper results. It is bundled with the rpcscan2.c into a single bzipped file. http://security.uconn.edu/netregscan/jumppage.cgi.txt http://security.uconn.edu/netregscan/netreg-mod2.tar.bz2 If you have questions or comments about these tools please direct them to security () uconn edu. We tried to get them out as fast as possible, but we also tried to test them fairly thoroughly. Thanks to Mike Lang and Keith Bessette of the University of Connecticut, Josh Richard of the University of Minnesota-Duluth, and anyone else I may have missed. Phil PS - Nessus plugin ID 11835 should detect the new vulnerability if you are using that: http://cgi.nessus.org/plugins/dump.php3?id=11835 ======================================= Philip A. Rodrigues Network Analyst, UITS University of Connecticut email: phil.rodrigues () uconn edu phone: 860.486.3743 fax: 860.486.6580 web: http://www.security.uconn.edu ======================================= ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Updated NetReg Scanners Phil Rodrigues (Sep 11)
- <Possible follow-ups>
- Re: Updated NetReg Scanners Phil Rodrigues (Sep 15)
- Re: Updated NetReg Scanners Richard Gadsden (Sep 15)