Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Updated NetReg Scanners

From: Phil Rodrigues <Phil.Rodrigues () UCONN EDU>
Date: Thu, 11 Sep 2003 15:15:07 -0400
Hi all,

Here are two new Linux command-line scanners that you can use to find hosts
that are vulnerable to both MS03-026 (old) and MS03-039 (new).  If you are
using NetReg Scanner in your network you should upgrade to this latest
version as soon as is resonable.  These scanners should now work as well as
the recently updated Microsoft and EEye scanners.

rpcscan2.c - The new code you should use in your NetReg Scanner to properly
detect hosts that are vulnerable to MS03-039.  It returns results that only
make sense to NetReg Scan (1 or 0).  It should compile on most Linux
distros with the following command: gcc -o rpcscan2 rpcscan2.c

http://security.uconn.edu/netregscan/rpcscan2.c

rpcscan_range2.c - A command-line Linux scanner that accepts address ranges
instead of just a single address.  It is the fastest way we have found to
scan Class C size networks.  It returns more human-readable results than
rpcscan2.c.  It should compile on most Linux distros with the following
command: gcc -o rpcscan_range2 rpcscan_range2.c

http://security.uconn.edu/netregscan/rpcscan_range2.c

(We would love for someone to hack that to scan Class Bs.)

We have also updated the jumppage.cgi that is the heart of the NetReg
Scanner.  It references the updated scanner to return proper results.  It
is bundled with the rpcscan2.c into a single bzipped file.

http://security.uconn.edu/netregscan/jumppage.cgi.txt
http://security.uconn.edu/netregscan/netreg-mod2.tar.bz2

If you have questions or comments about these tools please direct them to
security () uconn edu.  We tried to get them out as fast as possible, but we
also tried to test them fairly thoroughly.

Thanks to Mike Lang and Keith Bessette of the University of Connecticut,
Josh Richard of the University of Minnesota-Duluth, and anyone else I may
have missed.

Phil

PS - Nessus plugin ID 11835 should detect the new vulnerability if you are
using that:

http://cgi.nessus.org/plugins/dump.php3?id=11835

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues () uconn edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
 =======================================

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: