Thread specifically for Conficker script ERROR messages

[Ionreflex <ionreflex () gmail com>]

Hi all,
I was about to post the different ERROR messages I got scanning earlier
today - about 5PM EST - when I decided it better to do my homeworks and
research them myself; I cleared most of them - thanks to Ron's blog and
Google - but checking back to the list I guess I wasn't the only one
struggling to clarify everything! So I've decided to make this thread out of
the Nmap-DEV list, hopefully not for nothing, hopefully of value for
somebody...


   - ERROR: DOS_STATUS_NONSPECIFIC_ERROR > normally not a Windoze box, more
   like a network appliance of some kind (NAS)
   - ERROR: SMB: Failed to receive bytes: TIMEOUT > the change to go from
   5ms to 20ms didn't fix it for me, had to double-check the boxes (Some
   Windoze, some Nix...)
   - ERROR: SMB: Failed to receive bytes: ERROR > correction : one host gave
   me this after the 20ms edit!
   - ERROR: SMB: ERROR: Ran off the end of SMB packet; likely due to server
   truncation [12] > in my case, printers!
   - ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND > had to double-check those too,
   some Windoze, some Nix...
   - ERROR: NT_STATUS_ACCESS_DENIED > all fully-patched Vista/2008 boxes
   gave me that message! Some also reported this kind of message probably means
   Conficker doesn't have a chance...


Paleez don't take those statements as facts : those are personal
observations that could totally differ from your experiences, I'm far from a
network expert but I débrouille myself! I didn't get the chance to use
BETA6, maybe it is in fact more accurate, I'll hope for the best while
dreaming it an April fool after all!

I personnally didn't stumble upon "Likely INFECTED!"... lucky me! ;o)

Anyhow this is it, I encourage everybody to add to it and even make me
wrong!

Seeya



Ion

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org