yeap
itīs true i run this program and show at least all the machines that have a
shared resource like (infected :S) but wasnīt true...
this program was helpfull just for my iis servers...
----->and this is a great place iīve learn a lot!!!!
>>I see the same thing on when I run the scans "open guest shares". I
>think it picks up if you have share created. We tested with a share,
>with selected users and it still gave back same response. Even though
>the access to the access to the share was restricted.
>
>-----Original Message-----
>From: John Stauffacher [mailto:[EMAIL PROTECTED]]
>Sent: Friday, September 21, 2001 10:13 AM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: RE:New Version of Retina Nimba Scanner
>
>
>All,
>
>I just ran this scanner and am picking up more false positives than real
>infections. Not only did it pick up all my Macs (they arent even running
>Dave or have any SMB shares), it picked up my indigo and my Snap Server
>(tell me how a snap server gets infected by this?). I realize that
>diagnosing these things is a shot in the dark - but, telling me "open
>guest share" when the machine is not sharing anything (or even listening
>on 139) is kinda a mis-nomer an a cause for panic (130 "infected" out of
>253 possible)...anyone else seen this kind of false positive from the
>scanner?
>
>-John Stauffacher
>
>+-------------------------+
>! John Stauffacher !
>! Network Administrator !
>! Chapman University !
>! [EMAIL PROTECTED] !
>+-------------------------+
>
> >
>Date: Thu, 20 Sep 2001 17:31:06 -0700
>From: info <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>Subject: New Version of Retina Nimba Scanner
>
>A new version of Nimda Scanner has just been posted to the eEye web site
>that will also detect open shares on systems which is a common trait of
>an infection.
>
>http://www.eeye.com/html/Research/Tools/nimda.html
>
>Signed,
>eEye Digital Security
>T.949.349.9062
>F.949.349.9538
>
>
>
>------------------------------------------------------------------------
>----
>This list is provided by the SecurityFocus ARIS analyzer service. For
>more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
>
>
>
>
>------------------------------------------------------------------------
>----
>This list is provided by the SecurityFocus ARIS analyzer service. For
>more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
>
>
>_________________________________________________________
>Do You Yahoo!?
>Get your free @yahoo.com address at http://mail.yahoo.com
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
