North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: MSBlast CLI scanner (unix)?
David- There is no reliable way to detect if a computer is infected with blaster without logging into it and looking for the reg key or the executable. The backdoors (tftp and 4444) are not permanent. ISS X-Force released a great scanner for the vulnerability itself. It does two different checks to see if a box is patched, and it will detect the difference between a machine that has DCOM disabled or if it is patched. It's available here: http://www.iss.net/support/product_utilities/ms03-026rpc.php Regards, =============================== Daniel Ingevaldson Engineering Manager, X-Force R&D [email protected] 404-236-3160 Internet Security Systems, Inc. The Power to Protect http://www.iss.net =============================== -----Original Message----- From: David A. Ulevitch [mailto:[email protected]] Sent: Friday, August 15, 2003 4:34 PM To: [email protected] Subject: MSBlast CLI scanner (unix)? Nanog'ers, I've seen a couple of the windows-based MSBlast scanners but I'm looking for a unix tool to simply plug in an IP/netmask and have it scan via the command line and return the status of the vulnerability (patched, unaffected, exploited, etc). Has anyone found or heard of one that runs on *nix or have any other suggestions? thanks, davidu ---------------------------------------------------- David A. Ulevitch -- http://david.ulevitch.com http://everydns.net -+- http://communitycolo.net Campus Box 6957 + Washington University in St. Louis ----------------------------------------------------
|