Re: Tool to remotely detect MBlaster infected machines?

[<schwing () tenablesecurity com>]

In-Reply-To: <1060959531.6927.8.camel () icehouse is gatech edu>

You can also use Nessus plugin Check 11818 The remote host is infected by 
msblast.exe

If you need to scan more then one class C at a time you could use the 
Tenable Lightning Console and Proxy to Scan multiple class B's at the same 
time.

Stephen Schwing
Tenable Network Security
www.tenablesecurity.com



> It is a good tool, but has the drawback of only doing 1 class c at a
> time.
>
> On Fri, 2003-08-15 at 10:50, Ostberg, Alex wrote:
> > We have had a good experience thus far with the eEye tool
> > "RetinaRPCDCOM.exe" which is free.
> >
> > www.eeye.com
> >
> >
> > Thanks, 
> > Alex O. Ostberg
> > Data Security Analyst / Network Security Specialist
> > Information Technology Security Office - Information Technology Services
> > Division - 
> > Department of Administration - State of Montana
> > Office:  406.444.4557
> > Fax:        406.444.2701
> > Email:     aostberg () state mt us
> >
> >
> >
> > -----Original Message-----
> > From: brad [mailto:nelson.brad () comcast net]
> > Sent: Wednesday, August 13, 2003 6:43 PM
> > To: focus-ids () securityfocus com
> > Subject: Tool to remotely detect MBlaster infected machines?
> >
> >
> > Does anyone know of a tool to remotely detect mblast infected 
machines?  We
> > are checking machines with increased flows on 135 and traffic on 69 
udp.  Is
> > there a better way?
> >
> > Thanks,
> > Brad
> >
> >
> >
> > ------------------------------------------------------------------------
---
> > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
> >  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> >  - Automatically Control P2P, IM and Spam Traffic
> >  - Ensure Reliable Performance of Mission Critical Applications
> > Precisely Define and Implement Network Security and Performance Policies
> > **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> > Visit us at: http://www.captusnetworks.com/ads/31.htm
> > ------------------------------------------------------------------------
---
> > ------------------------------------------------------------------------
---
> > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
> >  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> >  - Automatically Control P2P, IM and Spam Traffic
> >  - Ensure Reliable Performance of Mission Critical Applications
> > Precisely Define and Implement Network Security and Performance Policies
> > **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> > Visit us at: http://www.captusnetworks.com/ads/31.htm
> > ------------------------------------------------------------------------
---
> >
>
>
> --------------------------------------------------------------------------
-
> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
> - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> - Automatically Control P2P, IM and Spam Traffic
> - Ensure Reliable Performance of Mission Critical Applications
> Precisely Define and Implement Network Security and Performance Policies
> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> Visit us at: http://www.captusnetworks.com/ads/31.htm
> --------------------------------------------------------------------------
-
>

---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------