Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Conflicker/NMAP

From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 31 Mar 2009 08:59:22 -0700
  I too am finding no infected machines.  But on the two occasions when
people have brought infected machines onto our network, their presence has
been pretty obvious from looking at network traffic.  Since I don't
currently see such traffic, I'm not surprised that the scan comes up clean.

  My guess is that a lot of machines might be blocking the scan -- but that
the same block may keep them from being vulnerable to infection.

  We're on Spring Break this week, so we probably won't see a lot of
carry-in machines on our network until Monday.

David Gillett


________________________________

        From: Consolvo, Corbett D [mailto:cc72 () TXSTATE EDU]
        Sent: Tuesday, March 31, 2009 7:22 AM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: [SECURITY] Conflicker/NMAP
        
        

        I realize many folks may not want to answer this, but has anyone had
many positives/infections with the released nmap scan for Conflicker?  So
far we seem to be coming up clean and many other folks I've talked to or
emailed with have come up clean as well.  I'm just concerned about the
possibility of false negatives.  Of course, the problem may not be
particularly wide-spread except in the eyes of some media outlets.

        

        Thanks,

        Corbett Consolvo

        Texas State University
Previous By Date Next
Previous By Thread Next

Current thread: