nanog mailing list archives
RE: MSBlast CLI scanner (unix)?
From: "Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net>
Date: Fri, 15 Aug 2003 16:51:27 -0400
David- There is no reliable way to detect if a computer is infected with blaster without logging into it and looking for the reg key or the executable. The backdoors (tftp and 4444) are not permanent. ISS X-Force released a great scanner for the vulnerability itself. It does two different checks to see if a box is patched, and it will detect the difference between a machine that has DCOM disabled or if it is patched. It's available here: http://www.iss.net/support/product_utilities/ms03-026rpc.php Regards, =============================== Daniel Ingevaldson Engineering Manager, X-Force R&D dsi () iss net 404-236-3160 Internet Security Systems, Inc. The Power to Protect http://www.iss.net =============================== -----Original Message----- From: David A. Ulevitch [mailto:davidu () everydns net] Sent: Friday, August 15, 2003 4:34 PM To: nanog () merit edu Subject: MSBlast CLI scanner (unix)? Nanog'ers, I've seen a couple of the windows-based MSBlast scanners but I'm looking for a unix tool to simply plug in an IP/netmask and have it scan via the command line and return the status of the vulnerability (patched, unaffected, exploited, etc). Has anyone found or heard of one that runs on *nix or have any other suggestions? thanks, davidu ---------------------------------------------------- David A. Ulevitch -- http://david.ulevitch.com http://everydns.net -+- http://communitycolo.net Campus Box 6957 + Washington University in St. Louis ----------------------------------------------------
Current thread:
- RE: MSBlast CLI scanner (unix)? Ingevaldson, Dan (ISS Atlanta) (Aug 15)