IDS mailing list archives

RE: Tool to remotely detect MBlaster infected machines?


From: bo.berlas () gsa gov
Date: Fri, 15 Aug 2003 11:18:50 -0400


Try this one from ISS.  It's a command line tool and generates decent
results.  You can scan entire class B networks.

See http://www.iss.net/support/product_utilities/ms03-026rpc.php




                                                                                                                        
 
                                                                                                                        
 
"david maynor" <david.maynor@oit.gatech.edu>
08/15/2003 11:00 AM

To:      "Ostberg, Alex" <aostberg () state mt us>
cc:      'brad' <nelson.brad () comcast net>, "'focus-ids () securityfocus com'" <focus-ids () securityfocus com>, (bcc: Bo Berlas/IAS/CO/GSA/GOV)
Subject: RE: Tool to remotely detect MBlaster infected machines?




It is a good tool, but has the drawback of only doing 1 class c at a
time.

On Fri, 2003-08-15 at 10:50, Ostberg, Alex wrote:
We have had a good experience thus far with the eEye tool
"RetinaRPCDCOM.exe" which is free.

www.eeye.com


Thanks,
Alex O. Ostberg
Data Security Analyst / Network Security Specialist
Information Technology Security Office - Information Technology Services
Division -
Department of Administration - State of Montana
Office:  406.444.4557
Fax:        406.444.2701
Email:     aostberg () state mt us



-----Original Message-----
From: brad [mailto:nelson.brad () comcast net]
Sent: Wednesday, August 13, 2003 6:43 PM
To: focus-ids () securityfocus com
Subject: Tool to remotely detect MBlaster infected machines?


Does anyone know of a tool to remotely detect mblast infected machines?
We are checking machines with increased flows on 135 and traffic on 69 udp.
Is there a better way?

Thanks,
Brad
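
The check described in the original question (increased flows on 135 together with traffic on 69 udp), written out as an added example that is not part of the thread or of any tool named in it. It reads "increased flows" as fan-out to many distinct destinations on TCP/135; the flow tuple layout, the threshold and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, protocol, dst_port).
# Addresses are documentation ranges; none of this data comes from the thread.
SAMPLE_FLOWS = (
    [("192.0.2.10", f"198.51.100.{i}", "tcp", 135) for i in range(1, 41)]
    + [("192.0.2.10", "192.0.2.77", "udp", 69)]
    + [("192.0.2.20", "192.0.2.5", "tcp", 135)] * 30  # busy, but one server
    + [("192.0.2.30", f"198.51.100.{i}", "tcp", 135) for i in range(1, 26)]
    + [("192.0.2.40", "192.0.2.5", "udp", 69)]  # TFTP with no RPC fan-out
)


def triage(flows, fanout_threshold=20):
    """Map each suspicious host to a verdict string.

    fanout_threshold is an assumed value: the number of distinct
    destinations on TCP/135 above which a source is treated as sweeping.
    """
    rpc_targets = defaultdict(set)  # src -> distinct dsts on TCP/135
    tftp_hosts = set()              # hosts on either end of a UDP/69 flow
    for src, dst, proto, dport in flows:
        if proto == "tcp" and dport == 135:
            rpc_targets[src].add(dst)
        elif proto == "udp" and dport == 69:
            tftp_hosts.update((src, dst))

    sweepers = {h for h, dsts in rpc_targets.items()
                if len(dsts) >= fanout_threshold}
    verdicts = {}
    for host in sweepers | tftp_hosts:
        if host in sweepers and host in tftp_hosts:
            verdicts[host] = "both signals: check first"
        elif host in sweepers:
            verdicts[host] = "tcp/135 fan-out only"
        else:
            verdicts[host] = "udp/69 only"
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_FLOWS).items()):
        print(f"{host:15} {verdict}")
```

Counting distinct destinations rather than raw flows keeps a client that talks heavily to a single RPC server out of the results. A flagged host is a candidate for follow-up with one of the scanners named in the thread.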



