[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Nachi Worm
- To: "Norman Girard" <ngirard@qualys.com>, "David Loyd" <2of2@unimatrix01.us>, <isp-security@isp-securtiy.com>
- Subject: RE: [Full-Disclosure] Nachi Worm
- From: "Discini, Sonny" <Sonny.Discini@montgomerycountymd.gov>
- Date: Thu, 4 Dec 2003 17:24:20 -0500
Actually, if you scan for port 707 and it is open, you can be sure that
the box is infected. This is how we pinpoint Welchia/Nachia infections.
Sonny Discini
Network Security Engineer
Department of Technology Services
Enterprise Infrastructure Division
Montgomery County Government
-----Original Message-----
From: Norman Girard [mailto:ngirard@qualys.com]
Sent: Thursday, December 04, 2003 3:32 PM
To: David Loyd; isp-security@isp-securtiy.com
Cc: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Nachi Worm
Dave,
You can scan but only through the registry access. You need to provide
the login credentials of the domain...
-----Original Message-----
From: David Loyd [mailto:2of2@unimatrix01.us]
Sent: Thursday, December 04, 2003 11:53 AM
To: isp-security@isp-securtiy.com
Cc: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Nachi Worm
Does any one know if you can sacn of the nachi worm or the
rpc.dcom vulnerability with nessus
Thanks
Dave