Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: article about Conficker says nmap can be used to discover it

From: Jay Fink <jay.fink () gmail com>
Date: Mon, 30 Mar 2009 15:46:24 -0400
We tested it where I work, we successfully ran it against a subnet
with about 200 some odd hosts.
We saw 0 problems.

thx,
 j



On Mon, Mar 30, 2009 at 3:15 PM, Corey Chandler <lists () sequestered net> wrote:

Fyodor wrote:


http://www.skullsecurity.org/blog/?p=209

If anyone is able to test this, please do report your results!  As
we've been pretty rushed since we just found out about the technique
yesterday.



Ran it across our desktop network here.

bash-3.2# nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d
10.10.1.0/24 |grep Conficker

|  Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
|  Conficker: Likely CLEAN

I assume the NT_STATUS_OBJECT_NAME_NOT_FOUND implies it's not an actual
Windows box?  We do have some Ubuntu / Mac users here...

--
Corey Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: Me no internet, only janitor, me just wax floors


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: