Nmap Development mailing list archives

conficker script in NMAP


From: "Watson, Deborah L" <dwatson () pmrg com>
Date: Tue, 31 Mar 2009 14:58:10 -0500

Is there a reference for understanding the output of the script?

I am getting some responses from some systems and
NT_STATUS_ACCESS_DENIED from others. I am thinking I need to provide
credentials, but not finding an option for that.

 

Ran like this: sudo -sC -p 445 -T4 -d -n -oA conficker_scan
--min-hostgroup 256 --min-parallelism 64 --script smb-check-vulns
--script-args safe=1 10.2.105.0/24

Also output is a little confusing:

 

Result example 1: this example seems to have an access issue - is there
a way to fix this?

 

Host 10.2.105.19 appears to be up ... good.
Scanned at 2009-03-31 12:04:51 Central Daylight Time for 3s
Interesting ports on 10.2.105.19:
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack

Host script results:
|  smb-check-vulns:
|  MS08-067: NOT RUN
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Final times for host: srtt: 0 rttvar: 3750  to: 100000

Result Example 2 - this looks like it ran, but what does MS08-076: NOT
RUN mean? We have verified that the patch is in fact installed.

Host 10.2.105.22 appears to be up ... good.
Scanned at 2009-03-31 12:04:51 Central Daylight Time for 3s
Interesting ports on 10.2.105.22:
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack

Host script results:
|  smb-check-vulns:
|  MS08-067: NOT RUN
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Final times for host: srtt: 2000 rttvar: 7750  to: 100000

Thank you,

Deborah Watson | IT Infrastructure Manager | CISSP, GCIA, GCIH, MCSE

PM Realty Group
1000 Main, Suite 2400 | Houston, TX 77002
O 713.209.5966 | C 713.826.9201 | F 713.209.5966

dwatson () pmrg com | www.pmrg.com

...because Performance Matters
