Re: How to use Nmap to scan very large networks for Conficker

[Brandon Enright <bmenrigh () ucsd edu>]

You're the second person to report this to me.  The other gentleman  
built from the tarball on Fedora 9.  I'll forward/gather more  
information when I'm in front of a computer.

Brandon

Sent from my phone.  If you would like a digital signature for this  
email let me know and I will sign it later.


On Mar 31, 2009, at 8:01, Lionel Cons <lionel.cons () cern ch> wrote:

> Brandon Enright <bmenrigh () ucsd edu> writes:
> > sudo nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 \
> > -d -PN -n -T4  --min-hostgroup 256 --min-parallelism 64 \
> > -oA conficker_scan <your network(s) here>
>
> This looks great but when I run it I get after some time:
>
> [...]
> Discovered open port 445/tcp on 10.1.166.22
> Discovered open port 445/tcp on 10.1.161.22
> Completed SYN Stealth Scan at 09:58, 1.90s elapsed (1024 total ports)
> Overall sending rates: 653.08 packets / s, 28735.55 bytes / s.
> NSE: Initiating script scanning.
> NSE: Script scanning 1024 hosts.
> NSE: Matching rules.
> NSE: Running scripts.
> NSE: Runlevel: 2.000000
> Initiating NSE at 09:58
> Running 3 script threads:
> NSE (47.564s): Starting smb-check-vulns against 10.1.161.21.
> NSE (47.564s): Starting smb-check-vulns against 10.1.161.22.
> NSE (47.564s): Starting smb-check-vulns against 10.1.166.22.
> evp_enc.c(261): OpenSSL internal error, assertion failed: inl > 0
> Aborted
>
> Any clue?
>
> Cheers,
>
> Lionel Cons

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org