Penetration Testing mailing list archives

Re: Conficker - your opinion on how to determine the source of infection on a given network


From: Gerardo Castillo Alvarado <gecastillo () edelca com ve>
Date: Tue, 25 Aug 2009 14:44:57 -0430


I would like to identify the SOURCE computer where the "downadup.a" worm variant originated on a given network which has been infected.
  

You can check the netlogon to look for lockout accounts or failure code.
Otherwise, check this tool [1] to remotely detect the Conficker worm.


[1] http://seclists.org/nmap-hackers/2009/0001.html

Best regards!
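
One way to carry out the Netlogon check suggested in the reply above, as an added example that is not part of the original post: it tallies failed and locked-out logons per source workstation and orders the workstations by their earliest failure. It assumes Netlogon debug logging is enabled on the domain controller and that lines follow the `[LOGON] SamLogon: ... logon of DOMAIN\user from HOST Returns 0x...` layout; the sample lines, host names and the `rank_sources` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Netlogon debug-log layout (not from a real network).
SAMPLE_LOG = r"""
08/25 09:14:02 [LOGON] SamLogon: Network logon of CORP\jsmith from WKS-0107 Entered
08/25 09:14:02 [LOGON] SamLogon: Network logon of CORP\jsmith from WKS-0107 Returns 0x0
08/25 09:31:40 [LOGON] SamLogon: Network logon of CORP\administrator from WKS-0042 Returns 0xC000006A
08/25 09:31:41 [LOGON] SamLogon: Network logon of CORP\backup from WKS-0042 Returns 0xC000006A
08/25 09:31:43 [LOGON] SamLogon: Network logon of CORP\helpdesk from WKS-0042 Returns 0xC0000234
08/25 10:05:12 [LOGON] SamLogon: Network logon of CORP\administrator from WKS-0311 Returns 0xC000006A
08/25 10:05:13 [LOGON] SamLogon: Network logon of CORP\administrator from WKS-0311 Returns 0xC0000234
08/25 10:20:00 [LOGON] SamLogon: Network logon of CORP\mlopez from WKS-0200 Returns 0xC000006A
"""

# NTSTATUS values that indicate a failed or locked-out logon.
FAILURE_CODES = {
    0xC0000064: "no such user",
    0xC000006A: "wrong password",
    0xC000006D: "logon failure",
    0xC0000234: "account locked out",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\].*?logon of (?P<account>\S+)"
    r" from (?P<host>\S+).*?Returns (?P<code>0x[0-9A-Fa-f]+)\s*$")

def rank_sources(log_text):
    """Return (host, first_failure, failures, lockouts, distinct_accounts), earliest first."""
    stats = defaultdict(lambda: {"first": None, "failures": 0, "lockouts": 0, "accounts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["code"], 16) not in FAILURE_CODES:
            continue  # "Entered" lines, successes (0x0) and unrelated entries are skipped
        s = stats[m["host"].upper()]
        s["failures"] += 1
        s["lockouts"] += int(m["code"], 16) == 0xC0000234
        s["accounts"].add(m["account"].lower())
        # "MM/DD HH:MM:SS" sorts correctly as text within one calendar year
        s["first"] = min(filter(None, (s["first"], m["ts"])))
    rows = [(h, s["first"], s["failures"], s["lockouts"], len(s["accounts"])) for h, s in stats.items()]
    return sorted(rows, key=lambda r: r[1])

if __name__ == "__main__":
    for host, first, fails, locks, accts in rank_sources(SAMPLE_LOG):
        print(f"{host:10} first={first} failures={fails} lockouts={locks} accounts={accts}")
```

The workstation with the earliest failures spread over several accounts is a starting point for closer inspection, not proof of where the infection began.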



