[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc] nmap update now conficker detection is available ?
Is there any chance of an update to the version of nmap in pkgsrc now that
Conficker/downanup detection is (apparently) available ?
From: Fyodor <fyodor_at_insecure.org>
Date: Mon, 30 Mar 2009 13:03:19 -0700
Hi All! We found out just yesterday about new research by Tillmann
Werner and Felix Leder of a way to anonymously scan for Conficker worm
infections! Ron sprang into action and added the detection to the
smb-check-vulns NSE script! I even had to infect one of my own
systems for Ron to test with. David and Brandon helped too. And now
we're happy to release Nmap 4.85BETA5, which includes the Conficker
You can find it on the download page:
Here is an example command for detecting Conficker:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1
It is worth scanning soon, since Conficker nodes are set to be updated
with new instructions on Wednesday if they aren't cleaned by then!
Note that I've removed 4.76 from the D/L page as I think 4.85BETA5 is
the way to go in general.
Test this out soon, if you can, and send your results to nmap-dev, as
this release is sure to get a lot of attention and interest :).
Here are the changes since 4.85BETA4 a couple weeks ago:
o Ron (in just a few hours of furious coding) added remote detection
of the Conficker worm to smb-check-vulns. It is based on new
research by Tillmann Werner and Felix Leder. You can scan your
network for Conficker with a command like: nmap -PN -T4 -p139,445 -n
-v --script=smb-check-vulns --script-args safe=1 [targetnetworks]
Main Index |
Thread Index |