Educause Security Discussion mailing list archives
Re: Conflicker/NMAP
From: Dean De Beer <deandebeer () GMAIL COM>
Date: Wed, 1 Apr 2009 13:46:54 -0400
I'd be careful about using this. It's a VB script that would need to be pushed out to each machine in the environment. It then tries to resolve a series of domains with 'norton' in them. It also requires creating A records on the name server to test against. If they don't resolve then the system is infected. This is a not a great way to do detects and in a large infrastructure would likely cause a dos situation on the dns server. Basically all it does is what this page does: http://www.joestewart.org/cfeyechart.html On Wed, Apr 1, 2009 at 1:25 PM, Marty Hoag <marty.hoag () ndsu edu> wrote:
Here is a link to the Homeland Security release notice: http://www.dhs.gov/ynews/releases/pr_1238443907751.shtm It appears it is available but through established response and security channels. I won't try to summarize more than that so you'll have to read the release for more details. Marty Jason Frisvold wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joseph Clark wrote:Has anyone tried the Department of Homeland Security Conficker Scanner?Does anyone *have* the DoHS scanner? The press release I saw noted that it was for Federal systems only and not available to the public... (Why they wouldn't release it to everyone, I don't know...) - -- - --------------------------- Jason Frisvold Network Engineer frisvolj () lafayette edu - --------------------------- "What I cannot create, I do not understand" - Richard Feynman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFJ05IEO80o6DJ8UvkRArGcAJ4yAMopC5Mk9/xxW944fqoGo2uLYgCbBZqm KP1bYgUwi+zXHaG8Xi4Rz0Q= =IdQ5 -----END PGP SIGNATURE-----
Current thread:
- Re: Conflicker/NMAP Jason Frisvold (Apr 01)
- <Possible follow-ups>
- Re: Conflicker/NMAP Marty Hoag (Apr 01)
- Re: Conflicker/NMAP Dean De Beer (Apr 01)
- Re: Conflicker/NMAP Joel Rosenblatt (Apr 01)