Full Disclosure mailing list archives

RE: RPC scanners

From: deji <deji () akomolafe com>
Date: Fri, 12 Sep 2003 10:07:44 -0700

Paul, the MS Scanner actually give yous a report of what's missing. Use the /l:Logfilename option and it will produce a 
nice little log file with the following entries:

Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
192.168.11.250: patched with KB824146 and KB823980
192.168.11.246: patched with KB824146 and KB823980
192.168.11.247: patched with KB824146 and KB823980
<snip>

This is in addition to the /o option that only lists the IP addresses of suspect systems.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



From: Schmehl, Paul L
Sent: Fri 9/12/2003 7:18 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] RPC scanners


My $0.02.

The MS scanner covers a /16 in about two hours.  It *will* report Win9x
machines as vulnerable, but that's a price I'm willing to pay.
Unfortunately it gives you an IP list with no indication of what is
wrong with the box.  (Is it missing both 026 & 039?  Just 039?)  But it
allows you to script things that can help automate remediation
processes.

The eEye scanner works very well, but it limits you to a /24, which is a
bit of a pain.  We use it for monitoring the worst offenders (VLANS, not
people.)

The Foundstone scanner?  Well, I started scanning the /16 last night
around 6PM.  It's at 62582 addresses right now, so I suppose it will
finish some time today.  Not good.  I was surprised, because their SQL
scanner is very fast.  It covers a /16 in about an hour.  Don't know
what the problem is, but something is definitely wrong.

I haven't tried any other scanners.  I'll stick with the MS and eEye
scanners.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RPC scanners Schmehl, Paul L (Sep 12)
- RE: RPC scanners deji (Sep 12)
- <Possible follow-ups>
- RE: RPC scanners Brown, Randy (InfoSec) (Sep 12)
- RE: RPC scanners Matthew Wagenknecht (Sep 12)
- RE: RPC scanners Schmehl, Paul L (Sep 12)