[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] RPC scanners

To: "deji" <deji@xxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] RPC scanners
From: "Schmehl, Paul L" <pauls@xxxxxxxxxxxx>
Date: Fri, 12 Sep 2003 15:12:37 -0500

Thanks for the helpful tip.
 
 

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

        -----Original Message-----
        From: deji [mailto:deji@xxxxxxxxxxxxx] 
        Sent: Friday, September 12, 2003 12:08 PM
        To: full-disclosure@xxxxxxxxxxxxxxxx
        Subject: RE: [Full-Disclosure] RPC scanners
        
        
        Paul, the MS Scanner actually give yous a report of what's missing. Use 
the /l:Logfilename option and it will produce a nice little log file with the 
following entries:
         
        Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86
        Copyright (c) Microsoft Corporation 2003. All rights reserved.
        192.168.11.250: patched with KB824146 and KB823980
        192.168.11.246: patched with KB824146 and KB823980
        192.168.11.247: patched with KB824146 and KB823980
        <snip>
         
        This is in addition to the /o option that only lists the IP addresses 
of suspect systems.
         
        
        Sincerely,
        
        Dèjì Akómöláfé, MCSE MCSA MCP+I
        www.akomolafe.com
        www.iyaburo.com
        Do you now realize that Today is the Tomorrow you were worried about 
Yesterday?  -anon

  _____  

        From: Schmehl, Paul L
        Sent: Fri 9/12/2003 7:18 AM
        To: full-disclosure@xxxxxxxxxxxxxxxx
        Subject: [Full-Disclosure] RPC scanners
        
        
        My $0.02.
        
        The MS scanner covers a /16 in about two hours.  It *will* report Win9x
        machines as vulnerable, but that's a price I'm willing to pay.
        Unfortunately it gives you an IP list with no indication of what is
        wrong with the box.  (Is it missing both 026 & 039?  Just 039?)  But it
        allows you to script things that can help automate remediation
        processes.
        
        The eEye scanner works very well, but it limits you to a /24, which is a
        bit of a pain.  We use it for monitoring the worst offenders (VLANS, not
        people.)
        
        The Foundstone scanner?  Well, I started scanning the /16 last night
        around 6PM.  It's at 62582 addresses right now, so I suppose it will
        finish some time today.  Not good.  I was surprised, because their SQL
        scanner is very fast.  It covers a /16 in about an hour.  Don't know
        what the problem is, but something is definitely wrong.
        
        I haven't tried any other scanners.  I'll stick with the MS and eEye
        scanners.
        
        Paul Schmehl (pauls@xxxxxxxxxxxx)
        Adjunct Information Security Officer
        The University of Texas at Dallas
        AVIEN Founding Member
        http://www.utdallas.edu/~pauls/ 
        
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] [SECURITY] [DSA-380-1] New xfree86 packages fix multiple vulnerabilities
Next by Date: [Full-Disclosure] Re: Preventing-issues-in-web-UI FAQ?
Previous by thread: RE: [Full-Disclosure] RPC scanners
Next by thread: [Full-Disclosure] Oh, this is good.
Index(es):
- Date
- Thread