Показано с 1 по 1 из 1.

детект conficker-а с помощью nmap 4.85BETA7

  1. #1
    Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Вес репутации

    детект conficker-а с помощью nmap 4.85BETA7

    The Conficker worm is receiving a lot of attention because of its vast scale (millions of machines infected) and advanced update mechanisms. Conficker isn't the end of the Internet (despite some of that hype), but it is a huge nuisance we can all help to clean up.

    Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the download page, including official binaries for Windows and Mac OS X. To scan for Conficker, use a command such as:
    nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 [targetnetworks]

    You will only see Conficker-related output if either port 139 or 445 are open on a host. A clean machine reports at the bottom: “Conficker: Likely CLEAN”, while likely infected machines say: “Conficker: Likely INFECTED”. For more advice, see this nmap-dev post by Brandon Enright. Dan Kaminsky broke the story on Doxpara.com.

    While Conficker gets all the attention, 4.85BETA7 also has many other great improvements.

    Update: Changed version from 4.85BETA5 (first to detect Conficker) to 4.85BETA7, which includes further Conficker detection improvements, among other changes.

    Добавлено через 20 минут

    Host script results:
    | smb-os-discovery: Windows XP
    | LAN Manager: Windows 2000 LAN Manager
    | Name: ***\***
    |_ System time: 2009-04-08 15:50:04 UTC+7
    | smb-check-vulns:
    | MS08-067: Check disabled (remove 'safe=1' argument to run)
    | Conficker: Likely CLEAN
    |_ regsvc DoS: Check disabled (add --script-args=unsafe=1 to run)

    Read data files from: C:\Program Files\Nmap
    Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
    Raw packets sent: 3 (130B) | Rcvd: 3 (130B)
    Последний раз редактировалось santy; 08.04.2009 в 13:03. Причина: Добавлено

  2. Реклама

Похожие темы

  1. Новая версия сетевого сканера безопасности Nmap - 5.20
    От Kuzz в разделе Новости компьютерной безопасности
    Ответов: 0
    Последнее сообщение: 22.01.2010, 20:27
  2. Множественные уязвимости в Novell NetMail NMAP/IMAP
    От ALEX(XX) в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 26.12.2006, 09:02

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
Page generated in 0.01263 seconds with 16 queries