Scanning for Confiker via nmap

[jsawyer at ufl.edu (John Sawyer)]

BTW, I fat-fingered the last part of the message. Enabling that flag  
*will* enable the check for the DoS so use it at your own risk.

-jhs

On Mar 30, 2009, at 11:22 AM, John Sawyer wrote:

> The Conficker check is in the latest SVN version of Nmap. It's in  
> the smb-check-vulns.nse which now checks for Conficker, MS08-067 and  
> a regsvc DoS.
>
> nmap --script smb-check-vulns.nse -p445
>
> For safety's sake, you might want to also run it with --script- 
> args=unsafe=1 to prevent possible crashes from the regsvc check.  
> That should not turn off the conficker check.
>
> -jhs
>
> On Mar 30, 2009, at 11:10 AM, Chris Merkel wrote:
>
> > According to this:
> > http://www.theregister.co.uk/2009/03/30/ 
> > conficker_signature_discovery/
> >
> > A script should be released today to scan for conficker-infected
> > machines over the wire.
> >
> > I looked at the NSE portal and haven't seen anything yet - would it
> > show up there, or is there a development site or repository where  
> > this
> > will first appear?
> >
> > I'd like to get a scan in before April 1st, when variant C drops.
> >
> > -- 
> > - Chris Merkel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090330/453c062b/attachment.htm