Full Disclosure mailing list archives
RE: Foundstone DCOM Scanner
From: "Marc Maiffret" <marc () eeye com>
Date: Fri, 12 Sep 2003 01:16:39 -0700
If you have any specific bug in our tool that you know of I would love to know about it. We currently do not have any reports.

It obviously is good to be the first however it is simple logic to understand that being the first, with a broken tool, will not leave a good taste in clients' mouths, therefore quickest to the market is not always good in the long run. So with that you should always want to strive for accuracy, although knowing not everything will be perfect. That is at least what I think...

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Byron Copeland
| Sent: Thursday, September 11, 2003 9:12 PM
| To: 'Marc Soda'; 'Jerry Heidtke'
| Cc: 'Jones, David H'; full-disclosure () lists netsys com
| Subject: RE: [Full-disclosure] Foundstone DCOM Scanner
|
| Personally I'd look at more than just port 135. Hint?
|
| ISS has in the past produced command line scanners that could be
| used in scripts, but haven't seen anything new from those folks
| as of late.
|
| A GUI based scanner would prove to be challenging in that respect
| and free scanners from eeye and foundstone and ISS are usually
| limited to class C unless you want to pay +900.00 dollars for the
| unpredictability they are offering. Couldn't tell you why that
| is the case though, perhaps it is based on who has the first
| tool available the quickest to the public or just don't quite
| understand how to check for it properly on all platforms.
|
| Quickest to market makes the fastest bucks, right? Hmmm.
|
| -b
|
| -- "I always wonder why people choose to support MS and then
| complain about all of these issues that are known in advance."
| --- someone in this NG
|
| > -----Original Message-----
| > From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Marc Soda
| > Sent: Thursday, September 11, 2003 9:58 PM
| > To: Jerry Heidtke
| > Cc: Jones, David H; full-disclosure () lists netsys com
| > Subject: RE: [Full-disclosure] Foundstone DCOM Scanner
| >
| > I have come to similar conclusions as well, it's either not accurate,
| > not easily used in scripts or doesn't scan enough IPs at once. I have
| > multiple /16s to scan, so I modified the plugin from nessus.
| >
| > When I say modified I really only changed it to look at port 135, the
| > rest is the same. I'm running nessus, with only that plugin enabled and
| > everything else turned off, from the command line (I had problems with
| > the GUI crashing with a large number of addresses). It runs faster and
| > more accurately than any other I have tried.
| >
| > --
| > Marc Soda
| > msoda () comcast net
| > PGP Key Id: 0xBCCBBF61
| >
| > On Thu, 2003-09-11 at 17:39, Jerry Heidtke wrote:
| > > Except it mistakenly identifies lots of patched systems as still
| > > vulnerable.
| > >
| > > I've tested five different free tools today. Here's a summary of my
| > > results:
| > >
| > > KB824146Scan.exe
| > >
| > > Microsoft's scanner. Many errors and accuracy problems. Basically
| > > unusable.
| > > Command line scanner with flexible input and output options, but can't
| > > reliably identify Windows 9x systems, systems with DCOM disabled, or
| > > some non-standard systems.
| > >
| > > PTms03039.exe
| > >
| > > GUI utility from Positive Technologies (http://www.ptsecurity.com).
| > > Scans single addresses only, selectable target port.
| > > Reliability unknown.
| > >
| > > RetinaRPCDCOM.exe
| > >
| > > GUI utility from Retina. Scans up to Class C.
| > > Can save output as text or csv file.
| > > Very accurate. Currently version 1.10.
| > >
| > > xfrpcss.exe
| > >
| > > Command line scanner from ISS. Can scan unlimited addresses, simple
| > > usable output.
| > > Not very accurate. Identifies many patched systems as still vulnerable.
| > >
| > > RPCScan2.exe
| > >
| > > GUI utility from Foundstone. No limits of scan ranges, can read input
| > > file.
| > > Can save output as text or csv file.
| > > Not very accurate. Identifies many patched systems as still vulnerable,
| > > especially NT.
| > >
| > > I'm looking for something that I can scan almost a whole class B,
| > > that is a scriptable command line scanner (STDIO) and that is accurate
| > > enough to base decisions on about disconnecting unpatched workstations,
| > > in order to try to protect some patient care devices that cannot legally
| > > be patched but must (for now) remain on our production network.
| > >
| > > I haven't seen anything yet that meets these simple requirements.
| > >
| > > Jerry
| > >
| > > -----Original Message-----
| > > From: Jones, David H [mailto:Jones.David.H () principal com]
| > > Sent: Thursday, September 11, 2003 2:45 PM
| > > To: full-disclosure () lists netsys com
| > > Subject: [Full-disclosure] Foundstone DCOM Scanner
| > >
| > > Foundstone has released version 2 of their free scanning tool. IMHO,
| > > this is the best, free tool I've found to scan a class b.
| > >
| > > http://www.foundstone.com
| > >
| > > _______________________________________________
| > > Full-Disclosure - We believe in it.
| > > Charter: http://lists.netsys.com/full-disclosure-charter.html