Hi everyone,

The network is still getting eaten by Conficker as usual.
In Hanoi, if you take a USB drive outside, it is sure to pick up Conficker (and a dozen other worms as well).

I scan with nmap, only to find out which machines are infected, not to remove it.

# http://nmap.org/nsedoc/scripts/smb-check-vulns.html

How to run it: something like this:

[vuhung@ ~]$ sudo ~/bin/nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d 192.168.1.0/24

[vuhung@ ~]$ sudo ~/bin/nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d x.y.z.t

Starting Nmap 5.35DC1 ( http://nmap.org ) at 2011-08-01 15:04 ICT
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 1 scripts for scanning.
Initiating ARP Ping Scan at 15:04
Scanning x.y.z.t [1 port]
Packet capture filter (device eth0): arp and arp[18:4] = 0x0050DA92 and arp[22:2] = 0x6227
Completed ARP Ping Scan at 15:04, 0.01s elapsed (1 total hosts)
Overall sending rates: 80.69 packets / s, 3389.01 bytes / s.
mass_rdns: Using DNS server x.y.z.3
mass_rdns: Using DNS server 208.67.222.222
mass_rdns: Using DNS server 208.67.220.220
Initiating Parallel DNS resolution of 1 host. at 15:04
mass_rdns: 0.13s 0/1 [#: 3, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 15:04, 0.13s elapsed
DNS resolution of 1 IPs took 0.13s. Mode: Async [#: 3, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 15:04
Scanning x.y.z.t [1 port]
Packet capture filter (device eth0): dst host x.y.z.123 and (icmp or ((tcp or udp or sctp) and (src host x.y.z.t)))
Completed SYN Stealth Scan at 15:04, 0.01s elapsed (1 total ports)
Overall sending rates: 100.18 packets / s, 4407.93 bytes / s.
NSE: Script scanning x.y.z.t.
Nmap scan report for x.y.z.t
Host is up, received arp-response (0.00016s latency).
Scanned at 2011-08-01 15:04:28 ICT for 0s
PORT    STATE  SERVICE      REASON
445/tcp closed microsoft-ds reset
MAC Address: 00:17:A4:CC:7A:38 (Hewlett Packard)
Final times for host: srtt: 158 rttvar: 3758  to: 100000

Read from /1TB.SATA.HDD/home/vuhung/share/nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
           Raw packets sent: 2 (72B) | Rcvd: 3 (108B)
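
An added example, not part of the original post: a Python function that triages saved output from a subnet scan like the one above, separating hosts the script judged infected or clean from hosts it never checked, such as the one in the post where 445/tcp was closed. The `Conficker: Likely INFECTED` / `Likely CLEAN` result lines are assumed from the smb-check-vulns documentation, and the sample output is constructed.

```python
import re

# Constructed sample of nmap normal output (not taken from the post).
SAMPLE = """\
Nmap scan report for 192.168.1.10
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-check-vulns:
|   MS08-067: VULNERABLE
|_  Conficker: Likely INFECTED (by Conficker.C or lower)
Nmap scan report for 192.168.1.11
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|_  Conficker: Likely CLEAN
Nmap scan report for 192.168.1.12
PORT    STATE  SERVICE      REASON
445/tcp closed microsoft-ds reset
"""

REPORT = re.compile(r"^Nmap scan report for (.+)$")
CONFICKER = re.compile(r"Conficker:\s*(.+)$")  # assumed result-line format

def triage(nmap_text):
    """Map each scanned host to infected / clean / unknown / not-checked."""
    results, host = {}, None
    for line in nmap_text.splitlines():
        m = REPORT.match(line)
        if m:
            # "name (ip)" or bare "ip": keep the last token without parentheses
            host = m.group(1).split()[-1].strip("()")
            results[host] = "not-checked"  # until the script reports a verdict
            continue
        if host is None:
            continue
        m = CONFICKER.search(line)
        if m:
            verdict = m.group(1)
            if verdict.startswith("Likely INFECTED"):
                results[host] = "infected"
            elif verdict.startswith("Likely CLEAN"):
                results[host] = "clean"
            else:
                results[host] = "unknown"
    return results
```

A host reported as `not-checked` has not been cleared: the script could not reach SMB on it, so it needs another way of being examined.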