meant to include that i got this when i read this: http://isc.sans.org/diary.html?storyid=6097
-BenN On Tue, Mar 31, 2009 at 10:52 PM, Ben Nordlander <[email protected]>wrote: > i used this as my scanner (latest (beta) version of nmap with the script > they list) > http://seclists.org/nmap-dev/2009/q1/0869.html > > what i did: > using Nmap (4.85BETA5) > > C:\program files\nmap\nmap.exe -sC --script=smb-check-vulns > --script-args=safe=1 -p445 -d -PN -n -T4 --min-hostgroup 256 > --min-parallelism 64 -oA conficker_scan 10.0.0.0/16 > nmap-scan.txt > > i then searched nmap-scan.txt for the word infected. > > -BenN > > > > On Tue, Mar 31, 2009 at 7:05 PM, Jon D <[email protected]> wrote: > >> Can you access the remote share on said computers? >> I've noticed on computers with their firewall setup wrong(blocking >> sharing) that it would read as incomplete. >> >> The tool did find 1 computer on my network that was missing 20+ >> patches. Not sure what happened there..... >> >> >> Jon >> >> . >> >> >> >> On Tue, Mar 31, 2009 at 10:00 PM, Chyka, Robert <[email protected]> >> wrote: >> > I tried to scan some subnets and it says incomplete scan or something. >> Some machines can be scanned but most can't. What would be stopping the >> scan? >> > >> > -----Original Message----- >> > From: "Marc Maiffret" <[email protected]> >> > To: "NT System Admin Issues" <[email protected]> >> > Sent: 3/31/09 9:39 PM >> > Subject: Free Conficker Scanner >> > >> > A lot of you have been emailing me off list asking if eEye was going to >> make >> > a free Conficker scanner like they normally have done in the past for >> major >> > issues etc... >> > >> > They have in fact created one and it is completely for free and will >> detect >> > both vulnerabilities that Conficker uses and also systems infected with >> > Conficker. I would check for new versions as they will be making tweaks >> and >> > improvements as they receive feedback. >> > >> > http://www.eeye.com/html/downloads/other/ConfickerScanner.html >> > >> > Feel free to cross post and forward this email to other IT types that >> are >> > looking for a tool to help identity Conficker and related. >> > >> > -Marc Maiffret >> > www.marcmaiffret.com >> > >> > P.S. >> > If you are looking to be proactive and find this and more: >> > http://www.eeye.com/html/products/retina/index.html >> > >> > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > >> > >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
