PaulDotCom mailing list archives

Scanning for Confiker via nmap


From: rbutturini at epictn.com (Russell Butturini)
Date: Tue, 31 Mar 2009 09:31:16 -0500

I found you need to add the -vv (very verbose) flag using that command.
Otherwise you don't see the script results.  See below:

 

Discovered open port 445/tcp on x.x.x.x
Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports)
NSE: Initiating script scanning.
Initiating NSE at 09:29
Completed NSE at 09:29, 0.50s elapsed
Host x.x.x.x appears to be up ... good.
Scanned at 2009-03-31 09:29:47 Central Daylight Time for 1s
Interesting ports on x.x.x.x:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:11:25:E9:04:52 (IBM)

Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: Likely CLEAN

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Dan Baxter
Sent: Tuesday, March 31, 2009 9:01 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Scanning for Confiker via nmap

 

So forgive my lack of nmap-fu, but if I run this what am I looking for?
I get back responses that list some with 445 open, some closed and a few
filtered.  How do I determine which may be infected?

For clarification, I'm running nmap -p 445 --script smb-check-vulns.nse

Thanks

Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?
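
An added example, not part of the original thread: a small Python triage of saved `nmap -vv -p 445 --script smb-check-vulns.nse` output that sorts hosts into checked-and-clean, needs-review, and never-checked (445 closed or filtered, or no script results shown). The sample text is constructed; its first host mirrors the output quoted above, and the addresses, the `VULNERABLE` and `Likely INFECTED` values, and the `triage` function name are assumptions for illustration.

```python
import re

# Constructed sample scan output. Host 1 mirrors the result lines quoted in the
# thread; hosts 2 and 3 and their status strings are made up for illustration.
SAMPLE = """\
Interesting ports on 192.0.2.5:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: Likely CLEAN
Interesting ports on 192.0.2.6:
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|  MS08-067: VULNERABLE
|  Conficker: Likely INFECTED
Interesting ports on 192.0.2.7:
445/tcp filtered microsoft-ds
"""

def triage(nmap_text):
    """Map each host to its 445 state, the two script results and a verdict."""
    hosts, cur = {}, None
    for line in nmap_text.splitlines():
        if m := re.match(r"Interesting ports on (.+):\s*$", line):
            cur = hosts.setdefault(
                m.group(1), {"port445": None, "MS08-067": None, "Conficker": None})
        elif cur is None:
            continue  # preamble before the first host block
        elif m := re.match(r"445/tcp\s+(\S+)", line):
            cur["port445"] = m.group(1)
        elif m := re.match(r"\|_?\s*(MS08-067|Conficker):\s*(.+)", line):
            cur[m.group(1)] = m.group(2).strip()
    for rec in hosts.values():
        if rec["Conficker"] is None:
            # No script result: port not open, or output captured without -vv.
            rec["verdict"] = "not-checked"
        elif rec["Conficker"] == "Likely CLEAN" and rec["MS08-067"] == "FIXED":
            rec["verdict"] = "ok"
        else:
            # Anything other than the known-good pair goes to a human.
            rec["verdict"] = "review"
    return hosts

if __name__ == "__main__":
    for host, rec in triage(SAMPLE).items():
        print(host, rec["port445"], rec["MS08-067"], rec["Conficker"], rec["verdict"])
```

A "not-checked" host has not been shown to be clean; it only means the script could not reach SMB on that address.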




