Nmap Development mailing list archives

Re: [NSE] MS08-067 check


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 12 Nov 2008 19:27:57 +0000

On Sun, 09 Nov 2008 13:12:53 -0600
Ron <ron () skullsecurity net> wrote:

> Nevermind, I got it! I even got both my test boxes to crash at the
> same time (rolls eyes):
>
> --
> Host script results:
> |_ ./scripts/smb-checkvulns.nse: This host is likely vulnerable to
> ms08-067 (it stopped responding during the test)
> Final times for host: srtt: 16691 rttvar: 16812  to: 100000
> --
>
> Ron


I've chatted in private with Ron about this script but I wanted to
broadcast my praise of it to a larger audience :)

We've been using this script for several days now with quite a bit of
success.  It does have the bad habit of crashing a lot of our
vulnerable hosts but it also /seems/ more comprehensive/complete than a
commercial vulnerability scanner we have that doesn't crash many hosts.

My only recommendation for this script (really, the SMB library) is to
change the SMB mutex from a global one to a per-IP one.  When scanning
thousands of SMB endpoints serial checking is rather slow.  The only
potential trouble a per-IP mutex would cause is if a dual-homed Windows
machine has the unfortunate luck of being scanned simultaneously on
multiple IPs.

Great work Ron, thanks a bunch for these libraries and this script!

Brandon

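
The global versus per-IP mutex trade-off raised in the message above, as an added example that is not code from this thread or from Nmap's SMB library: a Python asyncio simulation (standing in for NSE's Lua) that counts how many checks overlap under each locking scheme. The machine names, addresses and mutex key strings are constructed assumptions.

```python
import asyncio
from collections import defaultdict

# Constructed targets as (machine, ip); "fileserver" is dual-homed.
TARGETS = [("ws1", "10.0.0.5"), ("ws2", "10.0.0.6"),
           ("fileserver", "10.0.0.7"), ("fileserver", "10.0.1.7")]

async def run_scan(key_for):
    """Run two checks per target IP; key_for(ip) names the mutex to hold."""
    locks = defaultdict(asyncio.Lock)      # one lock per mutex name
    in_flight = defaultdict(int)           # checks running now, per machine
    peak_machine = defaultdict(int)        # worst overlap seen, per machine
    peak_total = 0                         # worst overlap seen, whole scan

    async def check(machine, ip):
        nonlocal peak_total
        async with locks[key_for(ip)]:
            in_flight[machine] += 1
            peak_total = max(peak_total, sum(in_flight.values()))
            peak_machine[machine] = max(peak_machine[machine], in_flight[machine])
            await asyncio.sleep(0.01)      # stand-in for the SMB exchange
            in_flight[machine] -= 1

    await asyncio.gather(*(check(m, ip) for m, ip in TARGETS for _ in range(2)))
    return peak_total, dict(peak_machine)

def compare():
    """Return (global-mutex result, per-IP-mutex result)."""
    global_result = asyncio.run(run_scan(lambda ip: "SMB"))        # one shared key
    per_ip_result = asyncio.run(run_scan(lambda ip: "SMB:" + ip))  # one key per IP
    return global_result, per_ip_result

if __name__ == "__main__":
    for name, (total, per_machine) in zip(("global", "per-IP"), compare()):
        print(f"{name:7} peak concurrent checks={total} per machine={per_machine}")
```

With the per-IP key the single-homed machines still see one check at a time, while the dual-homed machine sees two at once, which is the overlap the message describes.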
