Message-ID: <F511C3C1E3C7DF488FB1A0799A16589163988D@mail1.corp.qualys.com>
From: ngirard at qualys.com (Norman Girard)
Subject: Nachi Worm

That's true. As soon as the box is infected, port 707 is open and offers remote shell access. But the port is actually dynamic if the port was already open before the infection.
 
The trouble is that Nessus will just tell you that the port is open. And it's pretty tough to highlight it on a yellow page book report based on a couple of class-B scans... ;-)

-----Original Message-----
From: Discini, Sonny [mailto:Sonny.Discini@...tgomerycountymd.gov]
Sent: Thursday, December 04, 2003 2:24 PM
To: Norman Girard; David Loyd; isp-security@...-securtiy.com
Cc: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Nachi Worm


Actually, if you scan for port 707 and it is open, you can be sure that the box is infected. This is how we pinpoint Welchia/Nachia infections. 
 
 
Sonny Discini
Network Security Engineer
Department of Technology Services
Enterprise Infrastructure Division
Montgomery County Government
-----Original Message-----
From: Norman Girard [mailto:ngirard@...lys.com] 
Sent: Thursday, December 04, 2003 3:32 PM
To: David Loyd; isp-security@...-securtiy.com
Cc: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Nachi Worm


Dave,
 
You can scan but only through the registry access. You need to provide the login credentials of the domain...

-----Original Message-----
From: David Loyd [mailto:2of2@...matrix01.us]
Sent: Thursday, December 04, 2003 11:53 AM
To: isp-security@...-securtiy.com
Cc: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Nachi Worm


Does anyone know if you can scan for the Nachi worm or the rpc.dcom vulnerability with Nessus?
 
Thanks

Dave
