pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc] nmap update now conficker detection is available ?

Is there any chance of an update to the version of nmap in pkgsrc now that Conficker/downanup detection is (apparently) available ?

From: Fyodor <> Date: Mon, 30 Mar 2009 13:03:19 -0700

Hi All! We found out just yesterday about new research by Tillmann Werner and Felix Leder of a way to anonymously scan for Conficker worm infections! Ron sprang into action and added the detection to the smb-check-vulns NSE script! I even had to infect one of my own systems for Ron to test with. David and Brandon helped too. And now we're happy to release Nmap 4.85BETA5, which includes the Conficker detection!

You can find it on the download page:

Here is an example command for detecting Conficker:

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

It is worth scanning soon, since Conficker nodes are set to be updated with new instructions on Wednesday if they aren't cleaned by then!

Note that I've removed 4.76 from the D/L page as I think 4.85BETA5 is the way to go in general.

Test this out soon, if you can, and send your results to nmap-dev, as this release is sure to get a lot of attention and interest :).

Here are the changes since 4.85BETA4 a couple weeks ago:

o Ron (in just a few hours of furious coding) added remote detection of the Conficker worm to smb-check-vulns. It is based on new research by Tillmann Werner and Felix Leder. You can scan your network for Conficker with a command like: nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]



Home | Main Index | Thread Index | Old Index