Educause Security Discussion mailing list archives
Re: Conflicker/Retina
From: Keir Novik <novik () SFU CA>
Date: Wed, 1 Apr 2009 12:03:31 -0700
We found some infected/vulnerable hosts on a class C-sized scan using the eEye Retina Utility for Conficker. Regards, Keir -- Dr. Keir Novik / Network Services, Simon Fraser University On 31-Mar-09, at 7:53 AM, Wayne Bullock wrote:
We are Eeye/Retina customers. I was able to download a tool that is supposed to be able to scan a class c sized address space for Confiker. It has statuses for Vulnerability and Infections. I have a known vulnerable address in a range but it doesn't find it. It does however find the Confiker vulnerability when I scan the single address. I sent in a ticket to Eeye about this. I image they're kind of busy today. Has anyone else experienced this? Thanks, --Wayne Wayne Bullock, MSCIS, CCNA Associate Director Communication Services Infrastructure Information Resource Management Florida Atlantic University 777 Glades Road Boca Raton, FL 33431 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly Sent: Tuesday, March 31, 2009 10:37 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Conflicker/NMAP I hope to get my hands on a known-infected machine sometime today, but it's owned by a student who may or may not be cooperative. If I do, I'll let this group know what I find with both nmap and nessus-based scans. - ken Consolvo, Corbett D wrote:I realize many folks may not want to answer this, but has anyone had many positives/infections with the released nmap scan for Conflicker? So far we seem to be coming up clean and many other folks I've talked to or emailed with have come up clean as well. I'm just concerned about the possibility of false negatives. Of course, the problem may not be particularly wide-spread except in the eyes of some mediaoutlets.Thanks, Corbett Consolvo Texas State University-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373
Current thread:
- Re: Conflicker/Retina Keir Novik (Apr 01)