[60765] in North American Network Operators' Group
RE: MSBlast CLI scanner (unix)?
daemon@ATHENA.MIT.EDU (Ingevaldson, Dan (ISS Atlanta))
Fri Aug 15 16:54:08 2003
Date: Fri, 15 Aug 2003 16:51:27 -0400
From: "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net>
To: "David A. Ulevitch" <davidu@everydns.net>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
David-
There is no reliable way to detect if a computer is infected with
blaster without logging into it and looking for the reg key or the
executable. The backdoors (tftp and 4444) are not permanent. ISS
X-Force released a great scanner for the vulnerability itself. It does
two different checks to see if a box is patched, and it will detect the
difference between a machine that has DCOM disabled or if it is patched.
It's available here:
http://www.iss.net/support/product_utilities/ms03-026rpc.php
Regards,
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
Daniel Ingevaldson
Engineering Manager, X-Force R&D
dsi@iss.net=20
404-236-3160
=20
Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
-----Original Message-----
From: David A. Ulevitch [mailto:davidu@everydns.net]=20
Sent: Friday, August 15, 2003 4:34 PM
To: nanog@merit.edu
Subject: MSBlast CLI scanner (unix)?
Nanog'ers,
I've seen a couple of the windows-based MSBlast scanners but I'm looking
for a unix tool to simply plug in an IP/netmask and have it scan via the
command line and return the status of the vulnerability (patched,
unaffected, exploited, etc).
Has anyone found or heard of one that runs on *nix or have any other
suggestions?
thanks,
davidu
----------------------------------------------------
David A. Ulevitch -- http://david.ulevitch.com
http://everydns.net -+- http://communitycolo.net
Campus Box 6957 + Washington University in St. Louis
----------------------------------------------------
