Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: use Nmap to find W32/Bagle.e@MM ?

From: Matthew Dalton <Matthew.Dalton () ROCHESTER EDU>
Date: Wed, 3 Mar 2004 12:09:24 -0500
This result in nmap means that there is probably a firewall inbetween, or something else which is filtering that port.  
I'm getting definite "open"s on my nmap scans.  Your command line looks good.

--
**************************************************************************
|Matthew Dalton                     |Phone: (585)273-1721                |
|ITS Security Group                 |Email: Matthew.Dalton () rochester edu |
|University of Rochester            |                                    |
|Rochester, NY 14620                |                                    |
**************************************************************************

On Wed, 3 Mar 2004, Scott Weeks wrote:


Hello Everyone,

Is this a suffucient method to find the W32/Bagle.e@MM infected machines?

   [root@localhost root]# nmap -P0 -p 2745 111.222.111.0/24

I see too many of these to believe as many machines as I've found are all
infected.  At least I HOPE so...

   Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
   Interesting ports on  (111.222.111.222):
   Port       State       Service
   2745/tcp   filtered    unknown

They all say "filtered" on this port.  That's what's throwing me off...


The ones I believe may not be infected show this:

   The 1 scanned port on machine.university.edu (111.222.111.221) is:
   closed


Thanks!
scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: