PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Scanning for Confiker via nmap

From: abcampa at gmail.com (Albert R. Campa)
Date: Mon, 30 Mar 2009 11:11:08 -0500
interesting, so not having looked at this yet, whats the difference between
that and scanning with Nessus?


__________________________________
Albert R. Campa


2009/3/30 John Sawyer <jsawyer at ufl.edu>


 The Conficker check is in the latest SVN version of Nmap. It's in the
smb-check-vulns.nse which now checks for Conficker, MS08-067 and a regsvc
DoS.

nmap --script smb-check-vulns.nse -p445

For safety's sake, you might want to also run it with
--script-args=unsafe=1 to prevent possible crashes from the regsvc check.
That should not turn off the conficker check.

-jhs

 On Mar 30, 2009, at 11:10 AM, Chris Merkel wrote:

 According to this:
http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/

A script should be released today to scan for conficker-infected
machines over the wire.

I looked at the NSE portal and haven't seen anything yet - would it
show up there, or is there a development site or repository where this
will first appear?

I'd like to get a scan in before April 1st, when variant C drops.

--
- Chris Merkel
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090330/767756c6/attachment.htm
Previous By Date Next
Previous By Thread Next

Current thread: