Nmap Development mailing list archives
Problems Detecting Conficker clean or infected
From: "Falkenstein, Kevin" <Kevin.Falkenstein () Level3 com>
Date: Tue, 31 Mar 2009 10:05:10 -0600
Good day, I have installed your latest beta and am running it on a Windows XP system to scan some windows based servers for Conficker. I get an unexpected error when I can. Command line output: C:\Program Files\Nmap>nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 idc1srv0001 Starting Nmap 4.85BETA5 ( http://nmap.org ) at 2009-03-31 09:48 Mountain Daylight Time Initiating SYN Stealth Scan at 09:48 Scanning 10.1.217.250 [2 ports] Discovered open port 139/tcp on 10.1.217.250 Discovered open port 445/tcp on 10.1.217.250 Completed SYN Stealth Scan at 09:48, 0.11s elapsed (2 total ports) NSE: Initiating script scanning. Initiating NSE at 09:48 Completed NSE at 09:49, 5.15s elapsed Host 10.1.217.250 appears to be up ... good. Interesting ports on 10.1.217.250: PORT STATE SERVICE 139/tcp open netbios-ssn 445/tcp open microsoft-ds Host script results: | smb-check-vulns: | MS08-067: NOT RUN | Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) Read data files from: C:\Program Files\Nmap Nmap done: 1 IP address (1 host up) scanned in 5.58 seconds Raw packets sent: 2 (88B) | Rcvd: 2 (88B) I would expect to see conficker: Likely Clean or Likely infected. Any advice would be greatly appreciated. Kevin Falkenstein Level 3 Communications Kevin () level3 com<mailto:Kevin () level3 com> 720 888 3012 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Problems Detecting Conficker clean or infected Falkenstein, Kevin (Mar 31)
- Re: Problems Detecting Conficker clean or infected jah (Mar 31)