Full Disclosure mailing list archives

RE: Scanning the PCs for RPC Vulnerability


From: "Jerry Heidtke" <jheidtke () fmlh edu>
Date: Wed, 3 Sep 2003 08:45:55 -0500


Early versions of the tools from both ISS and eEye had problems with
false positives. These problems seem to be fixed in the most recent
versions. Foundstone and MS are probably running into the same issues
with their first releases. MS probably won't get it right until version
3.1...
 
Foundstone's RPCScan 1.01 looks like it correctly identifies Win9x
computers. Make sure you're using that version. I don't like Foundstone's
RPCScan anyway because there's no way to export the results or generate
a report. I use scanms.exe from ISS, and run it through a little perl
program I wrote that takes a list of IP ranges, scans them, and
generates a spreadsheet with the systems it found, the vulnerability
status, dns and netbios names, domain, user, and mac address. This has
been useful in tracking down and disconnecting people who don't want to
patch their systems for whatever reason.
 
Jerry

        -----Original Message-----
        From: Nadeem Rafi [mailto:nrafi () jeraisy com] 
        Sent: Wednesday, September 03, 2003 5:07 AM
        To: full-disclosure () lists netsys com
        Subject: [Full-disclosure] Scanning the PCs for RPC Vulnerability
        
        
        I have found some faults in the scanning tools available from
        Foundstone and Microsoft for RPC vulnerable machines. Both of these
        tools are not error free. These tools are showing the ip addresses of
        even those machines which are Windows 9x, Windows98/Sec, Windows ME.
        Both tools are not free from this error.
        And Foundstone's RPC Scan tool is even more error prone. If you
        even applied all the patches in correct sequence even then some of my
        machines are reported as "Vulnerable".

        Anybody have any experience with these problems or any
        suggestions please let me know.
         
        Best Regards,
         
        Nadeem Rafi

