[<prev] [next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F60AD0@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: RPC scanners
Thanks for the helpful tip.
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
-----Original Message-----
From: deji [mailto:deji@...molafe.com]
Sent: Friday, September 12, 2003 12:08 PM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] RPC scanners
Paul, the MS Scanner actually give yous a report of what's missing. Use the /l:Logfilename option and it will produce a nice little log file with the following entries:
Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
192.168.11.250: patched with KB824146 and KB823980
192.168.11.246: patched with KB824146 and KB823980
192.168.11.247: patched with KB824146 and KB823980
<snip>
This is in addition to the /o option that only lists the IP addresses of suspect systems.
Sincerely,
D?j? Ak?m?l?f?, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
_____
From: Schmehl, Paul L
Sent: Fri 9/12/2003 7:18 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] RPC scanners
My $0.02.
The MS scanner covers a /16 in about two hours. It *will* report Win9x
machines as vulnerable, but that's a price I'm willing to pay.
Unfortunately it gives you an IP list with no indication of what is
wrong with the box. (Is it missing both 026 & 039? Just 039?) But it
allows you to script things that can help automate remediation
processes.
The eEye scanner works very well, but it limits you to a /24, which is a
bit of a pain. We use it for monitoring the worst offenders (VLANS, not
people.)
The Foundstone scanner? Well, I started scanning the /16 last night
around 6PM. It's at 62582 addresses right now, so I suppose it will
finish some time today. Not good. I was surprised, because their SQL
scanner is very fast. It covers a /16 in about an hour. Don't know
what the problem is, but something is definitely wrong.
I haven't tried any other scanners. I'll stick with the MS and eEye
scanners.
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030912/586372d5/attachment.html
Powered by blists - more mailing lists