Full Disclosure mailing list archives
RE: RPC scanners
From: deji <deji () akomolafe com>
Date: Fri, 12 Sep 2003 10:07:44 -0700
Paul, the MS Scanner actually give yous a report of what's missing. Use the /l:Logfilename option and it will produce a nice little log file with the following entries: Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86 Copyright (c) Microsoft Corporation 2003. All rights reserved. 192.168.11.250: patched with KB824146 and KB823980 192.168.11.246: patched with KB824146 and KB823980 192.168.11.247: patched with KB824146 and KB823980 <snip> This is in addition to the /o option that only lists the IP addresses of suspect systems. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Schmehl, Paul L Sent: Fri 9/12/2003 7:18 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] RPC scanners My $0.02. The MS scanner covers a /16 in about two hours. It *will* report Win9x machines as vulnerable, but that's a price I'm willing to pay. Unfortunately it gives you an IP list with no indication of what is wrong with the box. (Is it missing both 026 & 039? Just 039?) But it allows you to script things that can help automate remediation processes. The eEye scanner works very well, but it limits you to a /24, which is a bit of a pain. We use it for monitoring the worst offenders (VLANS, not people.) The Foundstone scanner? Well, I started scanning the /16 last night around 6PM. It's at 62582 addresses right now, so I suppose it will finish some time today. Not good. I was surprised, because their SQL scanner is very fast. It covers a /16 in about an hour. Don't know what the problem is, but something is definitely wrong. I haven't tried any other scanners. I'll stick with the MS and eEye scanners. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RPC scanners Schmehl, Paul L (Sep 12)
- RE: RPC scanners deji (Sep 12)
- <Possible follow-ups>
- RE: RPC scanners Brown, Randy (InfoSec) (Sep 12)
- RE: RPC scanners Matthew Wagenknecht (Sep 12)
- RE: RPC scanners Schmehl, Paul L (Sep 12)