Penetration Testing mailing list archives

Re: MS05-039 Scanner


From: Matt Burrough <mburrough () gmail com>
Date: Thu, 18 Aug 2005 23:48:14 -0400

We run this Nessus plugin as well as a number of others continually on
our network.  Our server takes about two hours to go through the
entire network once.  Although we aren't close to using every address
yet.

I successfully scanned a full class-B network with Nessus by doing the
following:

1) Download all latest plugins (to get MS05-039 plugin)
2) Start Nessusd
3) Start Nessus, log in
4) In the "Plugins" tab, click Disable All, then scroll down to Windows,
select it, and from the bottom window, select ONLY "Vulnerability in
Plug and Play...."
5) In the "Scan Options" tab, deselect all scans, but select "Ping the
remote host".  Only the bottom two checkboxes should be checked (the
other one's "Exclude toplevel...").  Also, increase "Number of hosts to
test at the same time" to something like 100.
6) In the "Prefs" tab, scroll down to "Ping the remote host", and in
"TCP ping dest port", enter "445".  Check "Do a TCP ping", and uncheck
all other pings.
7) In Target, enter your class B (192.168.0.0/16, or something like that)
8) Click "Start the scan".

For me, running on a laptop with a 1.2 GHz Centrino and 100baseT Ethernet,
I scanned a class B in around 4 hours.  Not the fastest, but not bad.

                --Graeme Connell
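As an added example (not from the original thread), the host-discovery step described above in Python: a TCP ping to port 445 across a network block with at most 100 hosts in flight, which is what the Nessus "Prefs" and "Scan Options" settings configure. The probe function is injectable so the sweep logic can be exercised offline; the one-second per-host timeout is an assumption.

```python
import asyncio
import ipaddress
from typing import Awaitable, Callable

SMB_PORT = 445       # "TCP ping dest port" from the post
CONCURRENCY = 100    # "Number of hosts to test at the same time"
TIMEOUT = 1.0        # seconds per host; assumed value, not from the post


async def tcp_ping(host: str, port: int = SMB_PORT, timeout: float = TIMEOUT) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    A completed handshake is treated as "host is up"; refused, unreachable
    and timed-out connections all count as "down" for discovery purposes.
    """
    try:
        _, writer = await asyncio.wait_for(asyncio.open_connection(host, port), timeout)
    except (OSError, asyncio.TimeoutError):
        return False
    writer.close()
    await writer.wait_closed()
    return True


async def sweep(network: str,
                probe: Callable[[str], Awaitable[bool]] = tcp_ping,
                concurrency: int = CONCURRENCY) -> list[str]:
    """Probe every host address in `network`, keeping at most `concurrency` probes in flight.

    Results are returned in address order, so the output is stable across runs.
    """
    sem = asyncio.Semaphore(concurrency)

    async def guarded(addr: str) -> tuple[str, bool]:
        async with sem:                      # the semaphore enforces the parallelism cap
            return addr, await probe(addr)

    hosts = [str(a) for a in ipaddress.ip_network(network, strict=False).hosts()]
    results = await asyncio.gather(*(guarded(h) for h in hosts))
    return [addr for addr, up in results if up]


def live_smb_hosts(network: str,
                   probe: Callable[[str], Awaitable[bool]] = tcp_ping,
                   concurrency: int = CONCURRENCY) -> list[str]:
    """Synchronous wrapper: e.g. live_smb_hosts("192.168.0.0/16") for a class B."""
    return asyncio.run(sweep(network, probe, concurrency))
```

The returned list is the set of hosts that answer on 445, which is the population the plugin check then runs against; hosts with SMB filtered or disabled are simply not reported.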


michael_black () comcast net wrote:
All,

Does anyone know of any available scanners for this vulnerability? I know Tenable has a plugin for Nessus and eEye
has a free one for up to 16 hosts, but I need one for a Class B network and I need it tonight (long story, but I am
sure some of you understand management pressures). I know eEye sells a version of theirs for larger networks, but I
cannot get anyone on the phone at either Tenable or eEye. Any suggestions?
