RE: [Full-Disclosure] Scanning the PCs for RPC Vulnerability

From: Jerry Heidtke (jheidtke_at_fmlh.edu)
Date: 09/03/03

  • Next message: Alexander Müller: "[Full-Disclosure] SMC7004VB sensitive information leak"
    To: "Nadeem Rafi" <nrafi@jeraisy.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 3 Sep 2003 08:45:55 -0500
    
    

    Early versions of the tools from both ISS and eEye had problems with
    false positives. These problems seem to be fixed in the most recent
    versions. Foundstone and MS are probably running into the same issues
    with their first releases. MS probably won't get it right until version
    3.1...
     
    Foundstone's RPCScan 1.01 looks like it correctly identifies Win9x
    computers. Make sure you're using that version. I don't like Foundstone's
    RPCScan anyway because there's no way to export the results or generate
    a report. I use scanms.exe from ISS, and run it through a little perl
    program I wrote that takes a list of IP ranges, scans them, and
    generates a spreadsheet with the systems it found, the vulnerability
    status, dns and netbios names, domain, user, and mac address. This has
    been useful in tracking down and disconnecting people who don't want to
    patch their systems for whatever reason.
     
    Jerry

            -----Original Message-----
            From: Nadeem Rafi [mailto:nrafi@jeraisy.com]
            Sent: Wednesday, September 03, 2003 5:07 AM
            To: full-disclosure@lists.netsys.com
            Subject: [Full-Disclosure] Scanning the PCs for RPC Vulnerability
            
            
            I have found some faults in the scanning tools available from
            Foundstone and Microsoft for RPC vulnerable machines. Both of these
            tools are not error free. These tools are showing the IP addresses of
            even those machines which are Windows 9x, Windows98/Sec, Windows ME.
            Both tools are not free from this error.
            And Foundstone's RPC Scan tool is even more error prone. Even with
            all the patches applied in the correct sequence, some of my
            machines are still reported as "Vulnerable".
             
            If anybody has any experience with these problems or any
            suggestions, please let me know.
             
            Best Regards,
             
            Nadeem Rafi


    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

