RE: [Full-Disclosure] Nachi Worm

[Discini, Sonny]

Title: Message

Actually, if you scan for port 707 and it is open, you can be sure that the box is infected. This is how we pinpoint Welchia/Nachia infections.     Sonny Discini Network Security Engineer Department of Technology Services Enterprise Infrastructure Division Montgomery County Government -----Original Message----- From: Norman Girard [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 3:32 PM To: David Loyd; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Nachi Worm Dave,   You can scan but only through the registry access. You need to provide the login credentials of the domain... -----Original Message----- From: David Loyd [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 11:53 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Full-Disclosure] Nachi Worm Does any one know if you can sacn of the nachi worm or the rpc.dcom vulnerability with nessus   Thanks Dave