[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] RPC scanners

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] RPC scanners
From: deji <deji@xxxxxxxxxxxxx>
Date: Fri, 12 Sep 2003 10:07:44 -0700

Paul, the MS Scanner actually give yous a report of what's missing. Use the 
/l:Logfilename option and it will produce a nice little log file with the 
following entries:

Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
192.168.11.250: patched with KB824146 and KB823980
192.168.11.246: patched with KB824146 and KB823980
192.168.11.247: patched with KB824146 and KB823980
<snip>

This is in addition to the /o option that only lists the IP addresses of 
suspect systems.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? 
 -anon



From: Schmehl, Paul L
Sent: Fri 9/12/2003 7:18 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] RPC scanners


My $0.02.

The MS scanner covers a /16 in about two hours.  It *will* report Win9x
machines as vulnerable, but that's a price I'm willing to pay.
Unfortunately it gives you an IP list with no indication of what is
wrong with the box.  (Is it missing both 026 & 039?  Just 039?)  But it
allows you to script things that can help automate remediation
processes.

The eEye scanner works very well, but it limits you to a /24, which is a
bit of a pain.  We use it for monitoring the worst offenders (VLANS, not
people.)

The Foundstone scanner?  Well, I started scanning the /16 last night
around 6PM.  It's at 62582 addresses right now, so I suppose it will
finish some time today.  Not good.  I was surprised, because their SQL
scanner is very fast.  It covers a /16 in about an hour.  Don't know
what the problem is, but something is definitely wrong.

I haven't tried any other scanners.  I'll stick with the MS and eEye
scanners.

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] RPC scanners
  - From: Schmehl, Paul L

Prev by Date: RE: [Full-Disclosure] RPC scanners
Next by Date: Re: [Full-Disclosure] Unwanted file download on Yahoo
Previous by thread: [Full-Disclosure] RPC scanners
Next by thread: RE: [Full-Disclosure] RPC scanners
Index(es):
- Date
- Thread