Full Disclosure mailing list archives

RE: Nachi Worm

From: "Discini, Sonny" <Sonny.Discini () montgomerycountymd gov>
Date: Thu, 4 Dec 2003 17:24:20 -0500

Actually, if you scan for port 707 and it is open, you can be sure that
the box is infected. This is how we pinpoint Welchia/Nachia infections. 
 
 
Sonny Discini
Network Security Engineer
Department of Technology Services
Enterprise Infrastructure Division
Montgomery County Government
-----Original Message-----
From: Norman Girard [mailto:ngirard () qualys com] 
Sent: Thursday, December 04, 2003 3:32 PM
To: David Loyd; isp-security () isp-securtiy com
Cc: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Nachi Worm


Dave,
 
You can scan but only through the registry access. You need to provide
the login credentials of the domain...

        -----Original Message-----
        From: David Loyd [mailto:2of2 () unimatrix01 us]
        Sent: Thursday, December 04, 2003 11:53 AM
        To: isp-security () isp-securtiy com
        Cc: full-disclosure () lists netsys com
        Subject: [Full-disclosure] Nachi Worm
        
        
        Does any one know if you can sacn of the nachi worm or the
rpc.dcom vulnerability with nessus
         
        Thanks
        
        Dave

Current thread:

Nachi Worm David Loyd (Dec 04)
- <Possible follow-ups>
- RE: Nachi Worm Norman Girard (Dec 04)
- RE: Nachi Worm Discini, Sonny (Dec 04)
- RE: Nachi Worm Norman Girard (Dec 04)
- Re: Nachi Worm Gabriel L. Somlo (Dec 04)
- RE: Re: Nachi Worm Schmehl, Paul L (Dec 04)